Common Cause Failures impact Risks
Jun 20th, 2018
Today, we look at what happens when Common Cause Failures impact Risks.
Common Cause Failures defined
Common cause failures (CCFs) are near-“simultaneous” failures of several elements of a system that result from a single shared cause or coupling factor (or mechanism).
Applying this definition, we can immediately see that there are two families of CCF:
- The coupled CCF, i.e. interdependent failures, where the failure of one element drives the failure of another element, and
- The uncoupled CCF, where a physical or environmental stress, or a human intervention, provokes the near-“simultaneous” failure of several elements of the system.
In our day-to-day practice we tackle the coupled CCFs together with the systemic inter-dependencies.
The uncoupled ones are tackled one by one as specific cases. For example, if the sampling of contaminated water is performed by operators at various stages of a treatment process, a CCF would mean that all of them progressively slide out of the SOP (Standard Operating Procedure), or that they never apply the appropriate SOP at all. Either way, the sampling stages were supposed to back each other up, and the result is that redundancy is reduced to nil.
Lack of training, skills or accountability, or absenteeism, may be the root cause of the CCF in this example.
Common Cause Failure impact Risks
Indeed, Common Cause Failures impact Risks by significantly increasing the probability of the overall system’s failure.
Why is the impact significant? Simply because CCF “deletes” redundancy. It does not matter if you have two, or ten, lines of defence/mitigation: a common cause that hits all of them at once brings your system down to NO defence/mitigation at all.
Lines of defence act only on probability; the consequence of a failure stays the same whether there is one line of defence or many, unless the system itself is changed. Since risk is the product of probability and consequence, a CCF that restores the probability to its undefended level boosts the risk by the same factor.
What can you do?
The mitigation of CCF requires some decisions which may not be difficult to implement, but which require careful planning.
For example, if a specific component generates a CCF, say a valve or a pump, preserving redundancy requires redundant elements of different makes and models. That may include using different sources of energy. Of course, it seems to go against rationalization and efficiency maximization to keep different pumps (and spare parts) to perform the same job in a parallel (redundant) layout. However, CCF reduction and redundancy assurance demand that kind of action: the goal is to remove the shared cause, not just to add more copies of the same element.
If we go back to the manual sampling, CCF mitigation may mean having different teams check on each other, “outsider” teams dropping in, etc. Again, it can get tricky, but if the application is really critical, it is worth planning for CCF reduction.
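To put numbers on “CCF deletes redundancy” and on the diverse-redundancy remedy described above, here is an added Python example; it is not part of the original post. It assumes the standard beta-factor model of common cause failure, in which a fraction beta of each element's failure probability p is a shared cause that takes every redundant element out at once, and the rest, (1 - beta) * p, is an independent failure. The probabilities, the coupling fractions and the consequence value are constructed for illustration and are not from the post.

```python
"""Added example: how a common cause caps the benefit of redundancy.

Assumption (not from the original post): the beta-factor CCF model.
A component fails with probability p; a fraction beta of that is a
shared cause hitting all redundant elements, (1 - beta) * p is independent.
All numeric inputs below are constructed for illustration.
"""


def independent_failure(p: float, n: int) -> float:
    """Failure probability of n redundant lines if they were truly independent."""
    return p ** n


def beta_factor_failure(p: float, n: int, beta: float) -> float:
    """Beta-factor model, rare-event approximation.

    The system of n redundant lines fails if the shared cause strikes
    (beta * p) or if all n lines fail independently (((1 - beta) * p) ** n).
    The overlap of those two events is second order and is ignored.
    """
    return beta * p + ((1 - beta) * p) ** n


def ccf_floor(p: float, beta: float) -> float:
    """Failure probability no amount of same-make redundancy can go below."""
    return beta * p


def lines_of_defence_needed(p: float, beta: float, target: float, max_lines: int = 50):
    """Smallest number of redundant lines that brings failure probability under
    `target`, or None if the common-cause floor already exceeds the target:
    in that case adding a third, fourth, ... copy of the same element is useless."""
    if ccf_floor(p, beta) > target:
        return None
    for n in range(1, max_lines + 1):
        if beta_factor_failure(p, n, beta) <= target:
            return n
    return None


def risk(failure_probability: float, consequence: float) -> float:
    """Risk as probability times consequence; lines of defence only move the first factor."""
    return failure_probability * consequence


def diversity_gain(p: float, n: int, beta_same: float, beta_diverse: float) -> float:
    """Factor by which diverse redundancy (lower coupling fraction beta_diverse,
    e.g. pumps of different makes on different power sources) cuts the failure
    probability compared with same-make redundancy (beta_same)."""
    return beta_factor_failure(p, n, beta_same) / beta_factor_failure(p, n, beta_diverse)


if __name__ == "__main__":
    # Constructed values: 1% failure per line, 10% of it common cause, 1,000,000 loss.
    p, beta, consequence = 0.01, 0.1, 1_000_000
    print(f"{'lines':>5} {'independent':>12} {'with CCF':>12} {'risk with CCF':>14}")
    for n in (1, 2, 3, 10):
        ccf = beta_factor_failure(p, n, beta)
        print(f"{n:>5} {independent_failure(p, n):>12.2e} {ccf:>12.2e} {risk(ccf, consequence):>14.2f}")
    # Ten lines of defence look like 1e-20 if independent, but sit at the 1e-3 floor with CCF.
    print("lines needed for 2e-4, same make (beta=0.1):   ", lines_of_defence_needed(p, beta, 2e-4))
    print("lines needed for 2e-4, diverse make (beta=0.01):", lines_of_defence_needed(p, 0.01, 2e-4))
    print("gain from diversity with two lines: x%.1f" % diversity_gain(p, 2, beta, 0.01))
```

The table makes the post's point visible: under the independence assumption every extra line of defence multiplies the probability down by p, while under the CCF model the probability flattens at beta * p after the second line, and the risk column flattens with it because the consequence term never moves. Lowering beta through diverse makes, models and energy sources is what moves the floor, which is why the "inefficient" parallel layout pays off.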
CCF is a special case of inter-dependency.
Risk assessments should always consider how Common Cause Failures impact Risks and Risk Management should always seek to reduce CCF impacts to bring risks under the selected tolerance threshold.
Tagged with: Common Cause Failures, Defence, inter-dependency, mitigation, risks
Category: Consequences, Risk analysis