# Bayesian Network use to estimate Average Probability of Failure on Demand on safety systems

<img style="float: right; margin: 0px 0px 10px 10px;" src="https://senwork.com/wp-content/uploads/2020/05/Picture9.png" width="620px" height="400px" />
<p>&nbsp;</p>

<div align="justify"> Manufacturing facilities and their components are particularly subjected to accidental events that can affect workers,population, as well as assets, environment, and last but not least, production quality and yield. In order to decrese the possibility of this events to occur, engineers and safety professionals design safety systems that avoid or mitigate this incidents. But, how to be sure that this protection systems not going to fail when we need it? That's why knowing the <b>probability of failure on demand (PFD) for protection systems</b> is important for industry, because it is telling us that if something goes wrong, we have a protection system ready to act. </div>

<p>&nbsp;</p>
<div align="justify">For this study, we're going to use bayesian networks (a probabilistic graphical models) in order to estimate if this safety systems have the mininum availability required to operate safe, and how probability of an undesirable event can decrease if avaliability of protection system is adequate enough.</div>
______________________

**By:**
- Garay Gutierrez, Adrian Josue.
- Rubio Origel, Miguel Angel.

## 1. Problem description

Nowadays, industrial processes are becoming more complex due to dynamic and technology, among other factors. Simultaneously, organizations have focused on policies to achieve and demonstrate people’s safety and health, environmental management system and controlling risks due manufacturing processes are subjected to accidental events all the time. In this context, any industrial system, as modern and innovative as can be, could be considered to pose a serious risk to people’s health,the environment and to the costs of industrial equipment, in the event that a failure fails to be diagnosed and treated correctly. In order to decrease the possibility of this events to occur, experts indicate that the solution to this problem involves the application of a layer of risk reduction called **safety systems** (also called functional safety systems) , that are specifically designed to perform functions that maintain a process in a safe state when any risk is detected.

This systems are a set of **safety functions**. A safety function is the action of a **collection of equipment or elements (such as valves, sensors, transmitters, utilities, safety equipment, etc)** to implement automatic mitigation of a particular hazard. Some examples of common Safety Functions: 

- Car brake stop
- ESD valve – Shutdown process
- Sprinkler system 
- High pressure in a vessel opens a vent valve
- Guard sensing/speed sensing functions
- Coolent valve - Open 
- Overflow sensing functions

An example of a safety function is shown below.

<img src="https://realpars.com/wp-content/uploads/2018/08/Safety-Instrumented-System..gif" width="620px" height="400px" />

Safety functions are often designed to be working in the background, monitoring a process, but not doing anything until a safety limit is exceeded when they must take some action to keep the process safe. Notice that **if this systems are not available, probability to present one of this events trend to increase**. We define availability as *the proportion of time for which the equipment is able to perform its function* so the rest of time is **unavailable (1 - availability)**. Said this, a new term of effectiveness of a safety system is introduced **Probability of Failure on Demand (PFD)**. PFD is the unavailability of a safety function or the likelihood that a component or a system will fail to perform its designated function at the time it is required.

<img src="https://realpars.com/wp-content/uploads/2018/08/Probability-of-Failure-on-Demand.png" width="620px" height="400px" />


**PFD of a system is the estimation given safety functions PFDs; PFD of a safety function is the estimation given elements PFDs**.

<a id='el_PFD'></a>Elements PFDs are usually **estimated by manufacturers** based on a failure analysis of collected data through time. Also, particular studies made by companies give information of different elements PFDs (such as human response, utilities availability, etc) or how periodic maintanence or inspection increase or deacrese PFD given by manufacturers.

<img src="https://realpars.com/wp-content/uploads/2018/08/Example-for-Probability-of-Failure-on-Demand-PFD..png" width="620px" height="400px" />
 
To sum up, estimate PFD of a system **is necessary to know its availability and determine if process associated risk is tolerable**.

<img  src="https://realpars.com/wp-content/uploads/2018/08/Risk-Matrix-for-Safety-Instrumented-System.png" width="620px" height="400px" />
<img  src="https://realpars.com/wp-content/uploads/2018/08/reduce-the-risk-Industrial-Manufacturing.png" width="620px" height="400px" />



## 2. Probabilistic graphical model proposal

Bayesian network probabilistic graphical models(BN) have been widely used to solve various problems (for example diagnosis, failure prediction and risk analysis, classification). Modelling by using bayesian network is performed in two steps: the qualitative step (construction of the network or the graph) and the quantitative step (estimating the probability distribution tables). Bayesian network are increasingly used in various fields and applications such as operating safety, risk analysis, maintenance, as well as finance, and the field or image processing.

The phase of the quantitative analysis in the construction of bayesian networks is considered a very difficult task in estimating the a prior marginal and conditional probabilities of each node of the network. A prior probability is based on the knowledge provided by expert of the process or obtained by learning methode or algorithm from an experimental or experience feedback database.

To generate our model, Fault trees models that are in literature (knowledge provided by expert or by manufacturers) has been "traduced" to BN.

The methodology used to build de BN model to estimate PFD of a safety system is the following:

- Qualitative exploitation of events for the fault tree representation.
- Define the safety function to be analyzed; explicitly shows all the different relationships that are necessary to result in the top event.
- Exploits the existing data (Given by experts and manufacturers) of the system or function under study, to quantify the PFD.
- Deriving the graphical structure of the BN via transforming the Fault Tree according to the proposed methodology.

Building bayesian network from the fault tree is to transform the graphical representation of the fault tree into bayesian network. Events and logic Gates (AND, OR) are the basic elements for the fault tree. However, the  bayesian network use as basic elements nodes that representing events and arcs that model the dependences between events and relations causes - effect.

The adopted method in this works consists to transform the different kinds of events of the fault tree to nodes in the associated bayesian networks, and the logic gates (AND, OR) not participating in the form of the graphical structure of the networks.

Next, the construction of a bayesian network from a fault tree lies in the estimation (quantification) of probabilities. It consists in this step to assign probabilities of occurrence of basic events (primaries) of fault tree to node roots as probabilities a priori, but in case of induced events (intermediate) and final events associated probabilities will be estimated on the basis of calculation of conditional probabilities as shown on following algorithm:

<img src="img_1.png" width="620px" height="100px" />

The following examples demonstrates how these algorithm works:

### OR gate

We want to calculate PFD from a glove valve, their components are the valve (actuator and body) and solenoid valve, as follows:


<img src="Drawing1.jpg" width="500px" height="300px"/>


Valve fault tree is:

<img src="Drawing3.jpg" width="600px" height="300px"/>

Globe and Solenoid valves manufacturers estimate their failure frequency as:

- Solenoid valve = 0.02/year
- Globe valve = 0.02/year

which can be taken as **element PFD**(as we explained *[here](#el_PFD)*). 

An OR gate is used because **if any of the elements fails to perform their function, valve also will fail**

We can estimate valve PFD with follow BN:

<img src="Drawing4.jpg" width="400px" height="300px"/>

Where:

- $S$olenoid valve will fail when needed (True = $s^1$, False = $s^0$),
- $G$lobe valve will fail when needed (True = $g^1$, False = $g^0$),
- $V$alve will fail when needed (True = $v^1$, False = $v^0$).

Now, lets construct Bayesian network using pgmpy:

In [1]:
# Import pgmpy.models.BayesianModel
from pgmpy.models import BayesianModel
# Import pgmpy.factors.discrete.TabularCPD and DiscreteFactor
from pgmpy.factors.discrete import TabularCPD, DiscreteFactor
#Inferece just for evaluate
from pgmpy.inference import VariableElimination

In [2]:
#Define network through edges 
valvePFD = BayesianModel([('S', 'V'), 
                         ('G', 'V')])



In [3]:
#Define Conditional Probability Distribution of S
cpd_S = TabularCPD(variable='S',
                   variable_card=2,
                   values=[[0.98],   
                           [0.02]])  
                            

#Define Conditional Probability Distribution of G
cpd_G = TabularCPD(variable='G',
                   variable_card=2,
                   values=[[0.98],  
                           [0.02]]) 

#Define Conditional Probability Distribution of V
cpd_V = TabularCPD(variable='V',
                   variable_card=2,
                   evidence=['S', 'G'],
                   evidence_card=[2, 2],
                   values=[[1.00, 0.00, 0.00, 0.00],
                           [0.00, 1.00, 1.00, 1.00]])

In [4]:
#Associate the conditional distributions to the network
valvePFD.add_cpds(cpd_S, cpd_G, cpd_V)

In [5]:
# Check the model for various errors. This method checks for the following errors:  
# * Checks if the sum of the probabilities for each state is equal to 1 (tol=0.01).
# * Checks if the CPDs associated with nodes are consistent with their parents.
valvePFD.check_model()

True

Our BN is consistent and presents no issues, so let's evaluete it:

In [6]:
#Lets use pgmpy.inference for infer PFD.
infer = VariableElimination(valvePFD)
Valve_PFD = infer.query(['V'])

HBox(children=(FloatProgress(value=0.0, max=2.0), HTML(value='')))

HBox(children=(FloatProgress(value=0.0, max=2.0), HTML(value='')))





In [7]:
Valve_PFD.values[1]

0.0396

Valve PFD is **0.0396**

### AND gate

Continuing valve example, Process engineer concluded that a redundant instrumentation air supply is required in order to not disturb valve PFD, as shown on the following P&ID:

<img src="Drawing5.jpg" width="500px" height="300px"/>

Instrumentation air supply fault tree is:

<img src="Drawing6.jpg" width="600px" height="300px"/>

Process engineers expierence estimate supply air failure frequency as 0.2/year.

An AND gate is used because **both elements need to fail to have a total failure**,in other words, if one air supply fails the other one prevent a supply air failure.

We can estimate redundant air supply PFD with follow BN:

<img src="Drawing7.jpg" width="400px" height="300px"/>

Where:

- $A$ir supply $1$ will fail when needed (True = $a1^1$, False = $a1^0$),
- $A$ir supply $2$ will fail when needed (True = $a2^1$, False = $a2^0$),
- Instrumentation $A$ir $S$upply will fail when needed (True = $as^1$, False = $as^0$).

Bayesian network using pgmpy:

In [8]:
#Define network through edges 
ASPFD = BayesianModel([('A1', 'AS'), 
                       ('A2', 'AS')])

In [9]:
#Define Conditional Probability Distribution of A1
cpd_A1 = TabularCPD(variable='A1',
                   variable_card=2,
                   values=[[0.80],   
                           [0.20]])  
                            

#Define Conditional Probability Distribution of A2
cpd_A2 = TabularCPD(variable='A2',
                   variable_card=2,
                   values=[[0.80],  
                           [0.20]]) 

#Define Conditional Probability Distribution of AS
cpd_AS = TabularCPD(variable='AS',
                   variable_card=2,
                   evidence=['A1', 'A2'],
                   evidence_card=[2, 2],
                   values=[[1.00, 1.00, 1.00, 0.00],
                           [0.00, 0.00, 0.00, 1.00]])

In [10]:
#Associate the conditional distributions to the network
ASPFD.add_cpds(cpd_A1, cpd_A2, cpd_AS)

In [11]:
# Check the model for various errors. This method checks for the following errors:  
# * Checks if the sum of the probabilities for each state is equal to 1 (tol=0.01).
# * Checks if the CPDs associated with nodes are consistent with their parents.
ASPFD.check_model()

True

In [12]:
#Lets use pgmpy.inference for infer PFD.
infer = VariableElimination(ASPFD)
AS_PFD = infer.query(['AS'])

HBox(children=(FloatProgress(value=0.0, max=2.0), HTML(value='')))




HBox(children=(FloatProgress(value=0.0, max=2.0), HTML(value='')))




In [13]:
AS_PFD.values[1]

0.04000000000000001

Air supply PFD is **0.0400**

To end this example, lets see how both systems interacts.

On the OR gate example, air supply failure was ignored. Now lets add it:

<img src="Drawing8.jpg" width="600px" height="300px"/>

BN:

<img src="Drawing9.jpg" width="400px" height="300px"/>

Where:

- $S$olenoid valve will fail when needed (True = $s^1$, False = $s^0$),
- $G$lobe valve will fail when needed (True = $g^1$, False = $g^0$),
- Instrumentation $A$ir $S$upply will fail when needed (True = $as^1$, False = $as^0$),
- $V$alve will fail when needed (True = $v^1$, False = $v^0$).

Bayesian network using pgmpy:

In [14]:
#Define network through edges 
valvePFD2 = BayesianModel([('S', 'V2'), #V is changed to V2 because is another PFD inference.
                           ('G', 'V2'),
                           ('A1','V2')]) #Any air supply can be used for this example

In [15]:
#Define Conditional Probability Distribution of V2
cpd_V2 = TabularCPD(variable='V2',
                   variable_card=2,
                   evidence=['S', 'G', 'A1'],
                   evidence_card=[2, 2, 2],
                   values=[[1.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00],
                           [0.00, 1.00, 1.00, 1.00, 1.00, 1.00, 1.00, 1.00]])

In [16]:
#Associate the conditional distributions to the network
valvePFD2.add_cpds(cpd_S, cpd_G, cpd_A1, cpd_V2)

In [17]:
# Check the model for various errors. This method checks for the following errors:  
# * Checks if the sum of the probabilities for each state is equal to 1 (tol=0.01).
# * Checks if the CPDs associated with nodes are consistent with their parents.
valvePFD2.check_model()


True

In [18]:
#Lets use pgmpy.inference for infer PFD.
infer = VariableElimination(valvePFD2)
Valve_PFD2 = infer.query(['V2'])

HBox(children=(FloatProgress(value=0.0, max=3.0), HTML(value='')))




HBox(children=(FloatProgress(value=0.0, max=3.0), HTML(value='')))




In [19]:
Valve_PFD2.values[1]

0.23168

Valve PFD is **0.23168** taking into account air supply failure.

What happen if we add a redundant instrumentation air supply:

<img src="Drawing10.jpg" width="900px" height="300px"/>

BN:

<img src="Drawing11.jpg" width="700px" height="300px"/>

Where:

- $A$ir supply $1$ will fail when needed (True = $a1^1$, False = $a1^0$),
- $A$ir supply $2$ will fail when needed (True = $a2^1$, False = $a2^0$),
- Instrumentation $A$ir $S$upply will fail when needed (True = $as^1$, False = $as^0$),
- $S$olenoid valve will fail when needed (True = $s^1$, False = $s^0$),
- $G$lobe valve will fail when needed (True = $g^1$, False = $g^0$),
- $V$alve will fail when needed (True = $v^1$, False = $v^0$).

Bayesian network using pgmpy:

In [20]:
#Define network through edges 
valvePFD3 = BayesianModel([('S', 'V3'), #V is changed to V3 because is another PFD inference.
                           ('G', 'V3'),
                           ('AS','V3'), 
                           ('A1','AS'),
                           ('A2','AS')])

In [21]:
#Define Conditional Probability Distribution of V2
cpd_V3 = TabularCPD(variable='V3',
                   variable_card=2,
                   evidence=['S', 'G', 'AS'],
                   evidence_card=[2, 2, 2],
                   values=[[1.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00],
                           [0.00, 1.00, 1.00, 1.00, 1.00, 1.00, 1.00, 1.00]])

In [22]:
#Associate the conditional distributions to the network
valvePFD3.add_cpds(cpd_S, cpd_G, cpd_AS, cpd_A1, cpd_A2, cpd_V3)

In [23]:
# Check the model for various errors. This method checks for the following errors:  
# * Checks if the sum of the probabilities for each state is equal to 1 (tol=0.01).
# * Checks if the CPDs associated with nodes are consistent with their parents.
valvePFD3.check_model()

True

In [24]:
#Lets use pgmpy.inference for infer PFD.
infer = VariableElimination(valvePFD3)
Valve_PFD3 = infer.query(['V3'])

HBox(children=(FloatProgress(value=0.0, max=5.0), HTML(value='')))

HBox(children=(FloatProgress(value=0.0, max=5.0), HTML(value='')))




In [25]:
Valve_PFD3.values[1]

0.078016

Valve PFD is **0.078016** when we add a redundant air supply, significantly less than **0.23168** Valve PFD without redundant air supply.

## 3. Model evaluation
Remember our safety function example?

<img src="https://realpars.com/wp-content/uploads/2018/08/Safety-Instrumented-System..gif" width="620px" height="400px" />

To show that estimating PFD for safety systems can help us to propose solutions to decrease risk in operations, we're going to infere example PFD and add elements or another functions in order to reduce likelihood of an undesearable event to happen.

From reactor diagram, we can assume that:

- Indication of pressure and indication of inferred pressure using temperature protect a reactor from loss of containment by stop energy supply.
- Both PTs act as a redundant system.
- PLC (logic solver) is a fault tolerant system.
- Final actuators are redundant isolation valves.
- Instrumentation Air supply is proven safety.
- Electric energy supply to instruments is proven safety.
- All instalation staff are qualify, so human error can be discarded.


Manufacturers estimate failure frequency of elements as:

- Solenoid valve = 0.02/year
- Isolation valve = 0.02/year
- Temperature transmitter = 0.02/year
- Pressure transmitter = 0.02/year
- Logic solver = 0.00005/year

But instrumentation engineers experience has shown that a yearly inspection of elements made by qualify workers **decrease by half** failure frequency, so adjusted values are:

- Solenoid valve = 0.01/year
- Isolation valve = 0.01/year
- Temperature transmitter = 0.01/year
- Pressure transmitter = 0.01/year
- Logic solver = 0.00005/year -> Manufacturer do not recommend to make annual inspection.

Fault tree for function is:

<img src="Drawing12.jpg" width="900px" height="500px"/>

BN:

<img src="Drawing13.jpg" width="700px" height="300px"/>

Where:

- $S$olenoid valve $1$ will fail when needed (True = $s1^1$, False = $s1^0$),
- $S$olenoid valve $2$ will fail when needed (True = $s2^1$, False = $s2^0$),
- $I$solation valve $1$ will fail when needed (True = $i1^1$, False = $i2^0$),
- $I$solation valve $2$ will fail when needed (True = $i2^1$, False = $i2^0$),
- $V$alve $1$ will fail when needed (True = $v1^1$, False = $v1^0$),
- $V$alve $2$ will fail when needed (True = $v2^1$, False = $v2^0$),
- $V$alve$S$ will fail when needed (True = $vs^1$, False = $vs^0$),
- $P$ressure transmitter $1$ will fail when needed (True = $p1^1$, False = $p1^0$),
- $P$ressure transmitter $2$ will fail when needed (True = $p2^1$, False = $p2^0$),
- $P$ressure transmitter$S$ will fail when needed (True = $ps^1$, False = $ps^0$),
- $T$emperature transmitter will fail when needed (True = $ts^1$, Fal$S$e = $ts^0$),
- Transmitter$S$ will fail when needed (True = $ss^1$, Fal$S$e = $ss^0$),
- $L$ogic $S$olver will fail when needed (True = $ls^1$, False = $ls^0$),
- $S$afety $F$unction will fail when needed (True = $fs^1$, False = $fs^0$).

Bayesian network using pgmpy:

In [26]:
#Define network through edges 
SFPFD = BayesianModel([('P1','PS'),
                       ('P2','PS'),
                       ('PS','SS'), 
                       ('TS','SS'),
                       ('I1','V1'), 
                       ('S1','V1'),
                       ('I2','V2'), 
                       ('S2','V2'),
                       ('V1','VS'), 
                       ('V2','VS'),
                       ('VS','SF'),
                       ('LS','SF'), 
                       ('SS','SF')])

In [27]:
#Define Conditional Probability Distribution of P1
cpd_P1 = TabularCPD(variable='P1',
                   variable_card=2,
                   values=[[0.99],   
                           [0.01]])  
                            

#Define Conditional Probability Distribution of P2
cpd_P2 = TabularCPD(variable='P2',
                   variable_card=2,
                   values=[[0.99],   
                           [0.01]])

#Define Conditional Probability Distribution of I1
cpd_I1 = TabularCPD(variable='I1',
                   variable_card=2,
                   values=[[0.99],   
                           [0.01]])

#Define Conditional Probability Distribution of I2
cpd_I2 = TabularCPD(variable='I2',
                   variable_card=2,
                   values=[[0.99],   
                           [0.01]]) 

#Define Conditional Probability Distribution of S1
cpd_S1 = TabularCPD(variable='S1',
                   variable_card=2,
                   values=[[0.99],   
                           [0.01]])  

#Define Conditional Probability Distribution of S2
cpd_S2 = TabularCPD(variable='S2',
                   variable_card=2,
                   values=[[0.99],   
                           [0.01]])  

#Define Conditional Probability Distribution of TS
cpd_TS = TabularCPD(variable='TS',
                   variable_card=2,
                   values=[[0.99],   
                           [0.01]])  

#Define Conditional Probability Distribution of LS
cpd_LS = TabularCPD(variable='LS',
                   variable_card=2,
                   values=[[0.99995],   
                           [0.00005]])

In [28]:
#Define Conditional Probability Distribution of V1
cpd_V1 = TabularCPD(variable='V1',
                   variable_card=2,
                   evidence=['I1', 'S1'],
                   evidence_card=[2, 2],
                   values=[[1.00, 0.00, 0.00, 0.00],
                           [0.00, 1.00, 1.00, 1.00]])

#Define Conditional Probability Distribution of V2
cpd_V2 = TabularCPD(variable='V2',
                   variable_card=2,
                   evidence=['I2', 'S2'],
                   evidence_card=[2, 2],
                   values=[[1.00, 0.00, 0.00, 0.00],
                           [0.00, 1.00, 1.00, 1.00]])

#Define Conditional Probability Distribution of PS
cpd_PS = TabularCPD(variable='PS',
                   variable_card=2,
                   evidence=['P1', 'P2'],
                   evidence_card=[2, 2],
                   values=[[1.00, 1.00, 1.00, 0.00],
                           [0.00, 0.00, 0.00, 1.00]])

#Define Conditional Probability Distribution of SS
cpd_SS = TabularCPD(variable='SS',
                   variable_card=2,
                   evidence=['PS', 'TS'],
                   evidence_card=[2, 2],
                   values=[[1.00, 1.00, 1.00, 0.00],
                           [0.00, 0.00, 0.00, 1.00]])

#Define Conditional Probability Distribution of VS
cpd_VS = TabularCPD(variable='VS',
                   variable_card=2,
                   evidence=['V1', 'V2'],
                   evidence_card=[2, 2],
                   values=[[1.00, 1.00, 1.00, 0.00],
                           [0.00, 0.00, 0.00, 1.00]])

#Define Conditional Probability Distribution of SF
cpd_SF = TabularCPD(variable='SF',
                   variable_card=2,
                   evidence=['SS', 'LS', 'VS'],
                   evidence_card=[2, 2, 2],
                   values=[[1.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00],
                           [0.00, 1.00, 1.00, 1.00, 1.00, 1.00, 1.00, 1.00]])

In [29]:
#Associate the conditional distributions to the network
SFPFD.add_cpds(cpd_P1, cpd_P2, cpd_PS, cpd_TS, cpd_SS, cpd_I1, cpd_I2, cpd_S1, cpd_S2, cpd_V1, cpd_V2, cpd_VS, cpd_LS, cpd_SF)

In [30]:
# Check the model for various errors. This method checks for the following errors:  
# * Checks if the sum of the probabilities for each state is equal to 1 (tol=0.01).
# * Checks if the CPDs associated with nodes are consistent with their parents.
SFPFD.check_model()

True

In [31]:
#Lets use pgmpy.inference for infer PFD.
infer = VariableElimination(SFPFD)
SF_PFD = infer.query(['SF'])

HBox(children=(FloatProgress(value=0.0, max=13.0), HTML(value='')))

HBox(children=(FloatProgress(value=0.0, max=13.0), HTML(value='')))




In [32]:
SF_PFD.values[1]

0.0004469897535098005

Safety function PFD is **0.0004469** that means availability of SF = 0.99955 = **99.95%** which is a really solid value.

At the moment we share our results to company COO (chief operating officer) , he told us that an event of a reactor loss of containment will be catastrophic to company eco-friendly image (and starts to talk a lot about Chernovyl). He wants a **Safety system**, wich availabilty must be, at least, 99.97% 

From reactor HAZOP (hazard and operability study) its concluded that stop energy supply will avoid subit pressure increase, but what happens if this fails? Reactor discharge must be sent to somewhere else, and pressure must be release. Fortunately, on facility exists an old tank with sufficient capacity to receive reactor discharge and a SF to perform this action will be installed. Also, a PRV (pressure relief valve) will be installed (reactor product Its mostly water steam, so enviorement will be ok) to avoid an explosion.

Simplified Safety System P&ID:

<img src="Drawing14.jpg" width="900px" height="300px"/>

Instrumentation engineers said that same considerations from SF1 must be done, so PFD values for elements are:

- PRV = 0.005/year
- Pressure switch = 0.05/year

Fault tree for function is:

<img src="Drawing16.jpg" width="700px" height="500px"/>

BN:

<img src="Drawing20.jpg" width="700px" height="300px"/>

Where:

- Safety $F$unction $1$ will fail when needed (True = $f1^1$, False = $f1^0$),
- Safety $F$unction $2$ will fail when needed (True = $f2^1$, False = $f2^0$),
- $P$ressure $R$elief valve will fail when needed (True = $pr^1$, False = $pr^0$),
- $P$ressure s$W$itch will fail when needed (True = $pw^1$, False = $pw^0$),
- $S$olenoid valve $3$ will fail when needed (True = $s2^1$, False = $s2^0$),
- $I$solation valve $3$ will fail when needed (True = $i1^1$, False = $i2^0$),
- $V$alve $3$ will fail when needed (True = $v3^1$, False = $v3^0$),
- $S$afety $S$ystem will fail when needed (True = $ss^1$, False = $ss^0$).

Bayesian network using pgmpy:

In [33]:
SSPFD = BayesianModel([('I3','V3'), 
                       ('S3','V3'),
                       ('PW','F2'), 
                       ('V3','F2'),
                       ('PR','SY'), #change SS to SY to avoid repeat variables 
                       ('F1','SY'),
                       ('F2','SY')])

In [34]:
#Define Conditional Probability Distribution of I3
cpd_I3 = TabularCPD(variable='I3',
                   variable_card=2,
                   values=[[0.99],   
                           [0.01]])

#Define Conditional Probability Distribution of S3
cpd_S3 = TabularCPD(variable='S3',
                   variable_card=2,
                   values=[[0.99],   
                           [0.01]]) 

#Define Conditional Probability Distribution of PW
cpd_PW = TabularCPD(variable='PW',
                   variable_card=2,
                   values=[[0.95],   
                           [0.05]])  

#Define Conditional Probability Distribution of PR
cpd_PR = TabularCPD(variable='PR',
                   variable_card=2,
                   values=[[0.995],   
                           [0.005]])

#Define Conditional Probability Distribution of F1
cpd_F1 = TabularCPD(variable='F1',
                   variable_card=2,
                   values=[[0.99955],   
                           [0.00045]]) #From basic SF

In [35]:
#Define Conditional Probability Distribution of V1
cpd_V3 = TabularCPD(variable='V3',
                   variable_card=2,
                   evidence=['I3', 'S3'],
                   evidence_card=[2, 2],
                   values=[[1.00, 0.00, 0.00, 0.00],
                           [0.00, 1.00, 1.00, 1.00]])


#Define Conditional Probability Distribution of F2
cpd_F2 = TabularCPD(variable='F2',
                   variable_card=2,
                   evidence=['PW', 'V3'],
                   evidence_card=[2, 2],
                   values=[[1.00, 0.00, 0.00, 0.00],
                           [0.00, 1.00, 1.00, 1.00]])

#Define Conditional Probability Distribution of SS
cpd_SY = TabularCPD(variable='SY',
                   variable_card=2,
                   evidence=['F1', 'F2', 'PR'],
                   evidence_card=[2, 2, 2],
                   values=[[1.00, 1.00, 1.00, 1.00, 1.00, 1.00, 1.00, 0.00],
                           [0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 1.00]])

In [36]:
#Associate the conditional distributions to the network
SSPFD.add_cpds(cpd_I3, cpd_S3, cpd_V3, cpd_PW, cpd_F2, cpd_F1, cpd_PR, cpd_SY)

In [37]:
# Check the model for various errors. This method checks for the following errors:  
# * Checks if the sum of the probabilities for each state is equal to 1 (tol=0.01).
# * Checks if the CPDs associated with nodes are consistent with their parents.
SSPFD.check_model()

True

In [38]:
#Lets use pgmpy.inference for infer PFD.
infer = VariableElimination(SSPFD)
SS_PFD = infer.query(['SY'])

HBox(children=(FloatProgress(value=0.0, max=7.0), HTML(value='')))

HBox(children=(FloatProgress(value=0.0, max=7.0), HTML(value='')))




In [39]:
SS_PFD.values[1]

1.5503625000000002e-07

Safety system PFD is 1.5503625e-07 that means availability of SS = 0.009999998 = **99.99998%** which **is higher than 99.97% required by COO.**

## 4. Conclusions

* Bayesian inferences permit to calculate the joint posterior probability of the different variables which can overcome the limitations of fault tree regarding the diagnosis.

* The Analysis of the obtained results by the methodology of converting the fault tree into bayesian networks allowed to identify the critical components, and contributed in using the inspection in order to increase the system’s reliability and availability.

* Safety systems and safety functions proper design is critical to deacrease operational risk.

* We shown by estimating safety systems and functions PFD given elements PFDs of a system that can be real or not (remember that this is usally confidential information) that when risk is not tolerable, we can always add more protection to operate safer. 

## 5. Addendum

### Addendum A - Failure Frequencies and Probabilities for Miscellaneous Equipment

You can check it [here](https://github.com/agaray54/Bayesian-Network-use-to-estimate-Average-Probability-of-Failure-on-Demand-on-safety-systems/blob/main/Failure%20Frequencies%20and%20Probabilities%20for%20Miscellaneous%20Equipment.pdf) 

### Addendum B - SamIam BN inference interactive.

Review all BN made for this study and interact whit them [here](https://github.com/agaray54/Bayesian-Network-use-to-estimate-Average-Probability-of-Failure-on-Demand-on-safety-systems)

<script>
  $(document).ready(function(){
    $('div.prompt').hide();
    $('div.back-to-top').hide();
    $('nav#menubar').hide();
    $('.breadcrumb').hide();
    $('.hidden-print').hide();
  });
</script>

<footer id="attribution" style="float:right; color:#808080; background:#fff;">
Created with Jupyter by Adrian Garay.
</footer>