Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.
OCR for page 199
Risk of Vessel Accidents and Spills in the Aleutian Islands: Designing a Comprehensive Risk Assessment APPENDIX F Event Sequence Diagram Method and Risk Scenario Development The event sequence diagram method is a simple and powerful modeling tool for developing possible risk scenarios. It enables visualization of the logical and temporal sequence of causal factors leading to various states of the system. Figure F-1 illustrates the event sequence diagram method. The figure depicts the change of state of a vessel initially operating within the “safe functional/physical zone” (shaded area). At Point A, an event (e.g., equipment failure) occurs, causing deviation from the normal operating zone and putting the vessel in an undesired state (Point B). Another event (e.g., crew recovery action) is initiated at that point, and depending on whether it succeeds or fails, the vessel returns to the safe zone (Point C), or an accident occurs (Point F). The sequence of events from A (the initiating event) to the end states (C or F) forms two simple scenarios. These scenarios provide the context within which the events and their causes are evaluated as potential hazards or sources of risk. In event sequence diagramming, a set of graphical symbols is used to describe the various elements of a scenario. Figure F-2 shows a simple event sequence diagram. The diagram starts with a circle symbolizing the initiating event or condition. The possible events or conditions (rectangles in the diagram) that can follow the initiating event are then listed in the proper temporal or logical order, connected by lines, forming various possible strings or sequences of events that ultimately end with a diamond symbol representing their end states. Pivotal events have a single input line and a (Yes/No) pair
OCR for page 200
Risk of Vessel Accidents and Spills in the Aleutian Islands: Designing a Comprehensive Risk Assessment FIGURE F-1 Event sequence diagram method. of output lines, depending on whether the pivotal event occurs (Yes output) or otherwise (No output). The same applies in the case of conditions where Yes means the condition is satisfied and No means the opposite. An event sequence diagram, therefore, is a visual representation of a set of possible risk scenarios originating from an initiating event. Each scenario consists of a unique sequence of occurrences and non-occurrences of pivotal events (Point B or C in Figure F-1). Each scenario eventually leads to an end state, which designates the severity of the outcome of that scenario. FIGURE F-2 Event sequence diagram concept.
OCR for page 201
Risk of Vessel Accidents and Spills in the Aleutian Islands: Designing a Comprehensive Risk Assessment Figure F-3 is an example of a simple event sequence diagram where, given the occurrence of the initiating event, the state of System 1 (a pivotal event) determines whether the sequence leads to success (end state S), when it works, or a human action is required, when it fails. Given the success of human action, another pivotal event (state of System 2) will determine the final outcome: success state (S) if System 2 works or failed state (F) if it fails. The failure of human action also leads to failed state F. Therefore, this simple event sequence diagram depicts four possible risk scenarios, two leading to success and two leading to a failed state (accident). Event sequence diagrams are extremely versatile and can be used to model many situations, ranging from the behavior of purely static systems to that of many types of dynamic systems. Historically, event sequence diagramming has been loosely defined and has been used in a variety of industries for different purposes. It has been used in probabilistic risk analyses by the nuclear power industry to develop and document the basis for risk scenarios, as well as to communicate risk assessment results and models to designers, operators, analysts, and regulators. Event sequence diagrams have also been used in the aviation industry as part of safety and reliability analyses of aircraft systems. The National Aeronautics and Space Administration has used event sequence diagrams to help identify accident scenarios. In all three applications, the diagrams have been used both qualitatively for identification of hazards and risk scenarios and quantitatively to determine probabilities of risk scenarios. FIGURE F-3 Simple event sequence diagram.
OCR for page 202
Risk of Vessel Accidents and Spills in the Aleutian Islands: Designing a Comprehensive Risk Assessment FIGURE F-4 Characterization of elements of marine risk scenarios. Developing scenarios that can be analyzed efficiently requires good engineering knowledge, extensive experience in systems operation, and familiarity with modeling. Figure F-4 characterizes the main aspects of marine scenarios. The scenario begins with an initiating cause, for example, a fire, flooding, or adverse weather. What happens next is a sequence of events that represents the response of the “system” (the ship, its hardware and software, its crew) to the cause and the safeguards in place (barriers, operational controls, and risk control options). The cause can be controlled by the first safeguard; if not, failures may occur (hardware failures, human and organizational failures, or failures caused by environmental stressors). This sequence of events either is arrested or leads to an accident that can have immediate consequences, such as loss of life, physical damage to the ship, or a spill of hazardous materials. If a spill is involved, the scenario continues through transport and deposition of the material in the environment. Mitigation measures (additional safeguards) can limit the damage before environmental and subsequent economic and social consequences accrue. Remediation measures can limit harm to life in the area by cleaning up the contamination.