Designing for Reliability

In manufacturing, reliability is the product of Maintenance. But there are many factors that can limit the degree of reliability that Maintenance can deliver. One of the most significant is the inherent ability of the operating equipment to perform the required function. The design and selection of equipment sets the bar for Maintenance and if Maintenance does all the right things and reliability is still unsatisfactory, redesign or equipment replacement may be necessary.

There have been some dramatic examples of failures that have resulted from inadequate equipment/system design and selection. These could have been avoided if a thorough design review, using any one of several standard processes (such as RCM), had been performed prior to plant construction.

One example with which I was involved is the failure of a 25,000 HP pulp refiner. Shortly after start-up, a 250 mA control fuse failed, shutting down the main oil pump and resulting in the destruction of the main refiner bearings. The main oil pump was, from a control point of view, quite remote from the equipment that it was protecting. Compare this to a large steam turbine in the same plant. The main turbine oil pump is mounted directly to the end of the turbine shaft so that as long as the turbine is turning, so is the oil pump. Of course, there are auxiliary pumps for start-up and to provide emergency backup, but the design principle of keeping the “control connection” between operating equipment and the other services required for its protection (such as lube pumps) as simple and direct as possible provides the highest level of reliability. The number of possible modes of failure in the refiner example is much higher than on the turbine.

Two other examples are similar to each other and relate to the failure of emergency backup systems. One was the power failure at Hartsfield-Jackson Atlanta International Airport in December 2017 and the other was the failure of the emergency generating system at the Fukushima Daiichi Nuclear Power Plant in March 2011. In Atlanta, the cables for the primary and backup power supplies shared the same service tunnel and were both damaged by the same fire. At Fukushima, the emergency generators were installed at a low level and were inundated by a tsunami, resulting in the partial destruction and complete closure of the nuclear power station. The area was recognized as having the potential to be subject to a tsunami. A thorough design review of both installations based on an understanding of their operating context, which must include emergency situations, should have enabled both these failures to be avoided.

Primary and backup systems should be kept separate to prevent any foreseeable event from rendering both unserviceable at the same time. In particular, the isolating devices (valves or electrical breakers) that separate primary and backup systems should be located so that they will be accessible and can be operated under any foreseeable emergency situation. These critical isolating devices should be very carefully selected and will normally be of a much higher quality than dictated by normal plant component standards. They are normally very difficult to access for routine maintenance and they must be completely reliable, even if they are not operated for many years.
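The two design principles above, a short and direct control connection between equipment and its protection (the refiner versus the turbine) and no component shared by a primary and its backup (the Atlanta service tunnel), can both be checked mechanically against a dependency model during a design review. The following is an added example, not from this article or from Veleda Services; the component names and the dependency graphs are constructed for illustration, sketched from the cases described above.

```python
from collections import deque

def transitive_deps(graph, node):
    """Every component `node` depends on, directly or through other components."""
    seen, queue = set(), deque([node])
    while queue:
        for dep in graph.get(queue.popleft(), ()):
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return seen

def shared_failure_points(graph, primary, backup):
    """Components whose loss disables both the primary and the backup.
    An empty list means no single foreseeable event takes out both paths."""
    return sorted(transitive_deps(graph, primary) & transitive_deps(graph, backup))

# Constructed model of the Atlanta case as described above: both feeders
# run through one service tunnel, so one fire removes both of them.
ATLANTA = {
    "primary_feed": ["substation_A", "service_tunnel"],
    "backup_feed":  ["substation_B", "service_tunnel"],
}
# Assumed corrected layout: separate routes, separate substations.
SEPARATED = {
    "primary_feed": ["substation_A", "tunnel_north"],
    "backup_feed":  ["substation_B", "tunnel_south"],
}
# Constructed control chains for the two lube pumps. The refiner's pump sits
# several control components away from the machine it protects (a control
# fuse among them); the turbine's pump is driven directly off the shaft.
REFINER = {
    "refiner_lube":  ["main_oil_pump"],
    "main_oil_pump": ["pump_motor"],
    "pump_motor":    ["motor_starter"],
    "motor_starter": ["control_fuse", "control_power"],
}
TURBINE = {
    "turbine_lube":      ["shaft_driven_pump"],
    "shaft_driven_pump": ["turbine_shaft"],
}

if __name__ == "__main__":
    print("Atlanta shared points  :", shared_failure_points(ATLANTA, "primary_feed", "backup_feed"))
    print("Separated shared points:", shared_failure_points(SEPARATED, "primary_feed", "backup_feed"))
    print("Refiner lube chain     :", len(transitive_deps(REFINER, "refiner_lube")), "components")
    print("Turbine lube chain     :", len(transitive_deps(TURBINE, "turbine_lube")), "components")
```

Each component in a protection chain is one more thing that can fail, so the chain length is a crude but useful count of failure modes; any non-empty shared list is a single event that defeats the backup.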

There are, of course, many other considerations when designing and selecting equipment and systems, but a critical and logical analysis of the effects of failures and possible emergencies, such as fires, earthquakes and floods, and a plan to mitigate the resulting damage should be fundamental components of the design process. Maintenance has a key role in ensuring that backup systems are regularly tested and properly maintained.


© Veleda Services Ltd

Don Armstrong, President