I.J. Intelligent Systems and Applications, 2013, 01, 16-29
Published Online December 2012 in MECS (http://www.mecs-press.org/)
DOI: 10.5815/ijisa.2013.01.02
Copyright © 2013 MECS
Layers of Protection Analysis Using Possibility Theory
Nouara Ouazraoui, Rachid Nait-Said, Mouloud Bourareche
Laboratory of Research in Industrial Prevention (LRIP), Health and Occupational Safety Institute,
Safety Department, University of Batna, Med El-Hadi Boukhlouf Street, Batna 05000, Algeria
ouzraoui@yahoo.fr, r_nait_said@hotmail.com, mouloud.bourareche@hotmail.fr
Ilyes Sellami
Entreprise Nationale des Travaux aux Puits (ENTP Company), B.P. 206, Hassi-Messaoud, Algeria
sellami.ilyas@gmail.com
Abstract — An important issue faced by risk analysts is how to deal with uncertainties associated with accident scenarios. In industry, one often uses single values derived from historical data or the literature to estimate event probabilities or frequencies. However, both the dynamic environments of systems and the need to consider rare component failures may make this kind of data unrealistic. In this paper, the uncertainty encountered in Layers of Protection Analysis (LOPA) is considered in the framework of possibility theory. Data provided by reliability databases and/or expert judgments are represented by fuzzy quantities (possibilities). The fuzzy outcome frequency is calculated by extended multiplication using the α-cuts method. The fuzzy outcome is compared to a scenario risk tolerance criterion, and the required reduction is obtained by solving a possibilistic decision-making problem under a necessity constraint. In order to validate the proposed model, a case study concerning the protection layers of an operational heater is carried out.
Index Terms — LOPA, Uncertainty, Possibility Theory, Risk Reduction
I. Introduction
The problem of reducing the risks generated by the process industry is a permanent concern of managers and risk experts. In petrochemical industries, for instance, there is a wide range of flammable and toxic materials that have the potential to impact the health and safety of workers and the public, the assets and the environment. Therefore, reducing risks to an acceptable or tolerable level becomes an obligation imposed by social and economic considerations. This aim is usually achieved by using a combination of several safeguards, including technical and organizational barriers [1,2]. Technical safety barriers include Basic Process Control Systems (BPCS), relief systems, dump systems and Safety Instrumented Systems (SIS).
Layers of Protection Analysis (LOPA), as described in the IEC 61511 standard [3], is a semi-quantitative technique for analysing and assessing risk. It can be used at any time in the life cycle of a process or a facility, but it is most frequently used during the design stage or when modifications to an existing process or its safety systems are to be performed [4]. LOPA is a special form of event tree analysis that is optimized for the purpose of determining the frequency of an unwanted consequence which can be prevented by one or more protection layers. This frequency is a risk measure for a scenario and is compared to a maximum tolerable risk in order to decide whether or not further risk mitigation is needed, according to the principle of “as low as reasonably practicable” (ALARP).
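The frequency calculation described above, combined with the fuzzy quantities and α-cuts named in the abstract, can be sketched as follows. This is an added illustration, not code from the paper: the triangular shape of the fuzzy numbers, all numerical values, the tolerable frequency and the function names are assumptions.

```python
# Added illustration: fuzzy LOPA outcome frequency by alpha-cuts.
# Triangular fuzzy numbers (low, modal, high) and all values are constructed.

def alpha_cut(tri, alpha):
    """Interval [lo, hi] of a triangular fuzzy number at membership level alpha."""
    low, modal, high = tri
    return (low + alpha * (modal - low), high - alpha * (high - modal))

def fuzzy_product(factors, levels=11):
    """Extended multiplication of positive fuzzy numbers.

    Returns {alpha: (lo, hi)} for evenly spaced alpha levels in [0, 1].
    """
    cuts = {}
    for k in range(levels):
        alpha = k / (levels - 1)
        lo = hi = 1.0
        for tri in factors:
            f_lo, f_hi = alpha_cut(tri, alpha)
            # Interval product; valid because every bound is positive.
            lo, hi = lo * f_lo, hi * f_hi
        cuts[alpha] = (lo, hi)
    return cuts

def necessity_below(cuts, tolerable):
    """Necessity that the fuzzy frequency is <= tolerable.

    N = 1 - sup{alpha : upper bound of the alpha-cut exceeds tolerable},
    evaluated on the discrete alpha grid held in `cuts`.
    """
    exceeding = [alpha for alpha, (_, hi) in cuts.items() if hi > tolerable]
    return 1.0 - max(exceeding) if exceeding else 1.0

# Constructed scenario: initiating event frequency (per year) and the
# probability of failure on demand (PFD) of two protection layers.
INITIATING_EVENT = (0.05, 0.1, 0.2)
PFD_BPCS = (0.05, 0.1, 0.2)
PFD_SIS = (0.005, 0.01, 0.02)

def scenario_cuts():
    """Alpha-cuts of the fuzzy outcome frequency for the constructed scenario."""
    return fuzzy_product([INITIATING_EVENT, PFD_BPCS, PFD_SIS])

if __name__ == "__main__":
    cuts = scenario_cuts()
    for alpha in sorted(cuts):
        print(f"alpha={alpha:.1f}  frequency in [{cuts[alpha][0]:.2e}, {cuts[alpha][1]:.2e}] /yr")
    print("necessity(F <= 5e-4 /yr) =", round(necessity_below(cuts, 5e-4), 2))
```

A necessity below the level required by the decision rule indicates that further risk reduction is needed for the scenario.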
In many systems, such as chemical process plants, the complexity of technologies and human operator tasks increases the uncertainty about their behaviour. The more complex the system, the less precise the information available, as stated by Zadeh in [5]. Although great efforts based on good scientific knowledge and past experience are deployed to prevent accident risks, information is still lacking and uncertain for many parameters and models, especially in the field of rare events such as major technological accidents and/or when considering dynamic environments of systems [6,7].
In conventional LOPA, numbers are usually selected to conservatively estimate failure probabilities rather than to closely represent the actual performance of safety barriers. So, the outcome frequency is intended to be conservative and the risk is overestimated, with higher installation and maintenance costs [4,8]. Another alternative, more reassuring and supported by certain system safety experts, is the use of confidence intervals with lower and upper bounds to quantify failure probabilities [9-12]. Moreover, several databases such as that of the Center for Chemical Process Safety [13], IEEE Standard 500 [14], and OREDA [15] provide such intervals. Although this approach is very well suited for refining worst-case analysis thanks to the presence of less pessimistic lower bounds, it seems that the probability intervals of certain failures are large (e.g. two orders of magnitude and more), not useful in many real-world situations, and should be readjusted [16]. Furthermore, as for single