(16-01-2016, 12:33 PM)dorothy.pipet Wrote: Looking at the first part of question 4 of 2012 paper, it asks for ways to categorise failures. This i think I could do by having 4 to 5 types of severity of consequence such as number and types of injury and harm.
Not sure howto add in compound failures to that.
Do you assume just 2 failures at once, or every possible cascade of failures no matter how unlikely?
Do you take into account whether the failures may be unrelated or associated in some way?
Can anyone elaborate for me or direct me to a good source of further information.
My thanks.
Suggest the categorisation of a failure incident that has actually occurred it should certainly should be by severity of consequence, although of course when looking at the network and wondering about what "other cases" may be latent then obviously a consideration of the network risk does also need an assessment of likelihood. Hence need to draw a distinction re what we actually mean by "failure".
In this question I am interpreting "failure" in the first part to mean an incident that has been known to have occurred and therefore come to light because of the "system level" effect that it has had , rather than just some element not achieving its specification that may or may not be known. I think this is relevant when looking at "compound failures", because this is looking at the chances of the extent imperfections in several items combining in such a way, and in conjunction with various external "luck factors" such as weather to collectively bring about a "system level failure" which draws attention to itself. You probably ought to look at some basic text regarding "Reliability Block Diagram".
You could consider a clamplock for example and consider failure which may singly or in combination cause the throw to be interrupted before reaching he desired position; a low drive voltage may still provide enough power unless the slide chairs are also not well greased. It is possible for microswitch to jam and give a false detection when the rails are not in the correct position, but actually if the points really are in the correct position the fact that there is a false detection does not, by luck, lead to an incident. Of course we don't just rely on that; the microswiches are cross-proved so that if one does stick as if the points are detected Normal, it prevents Reverse detection being achieved and so makes its failure known. Of course if the signaller, having not achieved Reverse position then calls the points back Normal and achieves that detection, they will assume that it is valid detection, but it isn't and if we are unlucky and the points don't actually fully throw on that very occasion then they could be half-and-half yet a signal be given a proceed aspect over them. Hence a rightside failure of the points to complete their travel has compounded the significance of the wrongside failure of the microswitch, but the "time opportunity" in which such a combination could occur does very much limit the risk because of very small likelihood, although consequences remain very great.
I can't expect you need very much detail for 9 marks; I think there was a clear steer to consider "worst case consequence" but then discuss the various barriers to escalation of the HAZARD (in this case microswitch implying points are normal and locked when in fact they are not) and the ACCIDENT (train derailment at points incorrectly set). Certainly you need to bring LIKELIHOOD into the discussion to be able to get an estimate of actual RISK.
