CN116720735A - High-risk scene management method and system - Google Patents

Publication number
CN116720735A
Authority
CN
China
Prior art keywords
risk
protective layer
accident
link
scene
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310678118.9A
Other languages
Chinese (zh)
Inventor
卫秀峰
杨�嘉
王林
吴国平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xiaoan Shuzhi Technology Co ltd
Original Assignee
Beijing Xiaoan Shuzhi Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/04 Manufacturing

Abstract

The application discloses a high-risk scene management method and system. After a preset potential safety hazard event occurs in a protective layer in a high-risk scene of a target enterprise, the method captures the potential safety hazard data of that protective layer; analyzes the captured data using a related risk analysis means, which comprises at least one of a bowtie diagram, layer of protection analysis (LOPA) and a risk matrix, to determine the state of the protective layer in the high-risk scene; determines the risk present in the high-risk scene based on that state; and issues an early warning for the risk. The method captures potential safety hazards in a high-risk scene promptly, which improves the efficiency of monitoring protective layer state, enables online monitoring and dynamic early warning of safety risk, and improves risk management and control in the high-risk scene.

Description

High-risk scene management method and system
Technical Field
The present application relates to the field of electronic technologies, and in particular, to a method and a system for managing a high risk scene.
Background
High-risk scenes typically involve major hazard sources (such as hazardous chemicals), high-risk processes, and other risks identified in process hazard analysis. High-risk scenes are very common in the chemical industry, for example the "two key points and one major" scenes. Controlling high-risk scenes is a central concern of production safety. If major safety risks cannot be effectively managed and controlled, the consequences range from property loss in mild cases to environmental pollution and casualties in severe ones.
To avoid the occurrence of safety accidents, a series of protective layers are often provided to prevent and treat major safety risks. However, the protective layer can only exert a protective effect if it is effective, and if it fails, it cannot exert a protective effect, and therefore it becomes very important to monitor the state of the protective layer.
At present, the state of each protective layer is determined by manual inspection. This is inefficient and cannot discover potential safety hazards in time, so major safety risks cannot be effectively managed and controlled.
Disclosure of Invention
The embodiment of the application provides a high-risk scene management method and a system, which can discover potential safety hazards in time, so that the monitoring efficiency of the state of a protective layer is improved, the on-line monitoring and dynamic early warning of the safety risk are realized, and the risk management and control effect of a high-risk scene is finally improved.
In a first aspect, an embodiment of the present application provides a high risk scenario management method, including:
after a preset potential safety hazard event occurs in a protective layer in a high-risk scene of a target enterprise, capturing potential safety hazard data of the protective layer from an automated operation system of the target enterprise;
analyzing the captured potential safety hazard data of the protective layer based on a related risk analysis means to determine the state of the protective layer in the high-risk scene, wherein the related risk analysis means comprises at least one of a bowtie diagram, layer of protection analysis (LOPA) and a risk matrix;
determining the risk present in the high-risk scene based on the state of the protective layer in the high-risk scene;
and issuing an early warning for the risk present in the high-risk scene.
In a second aspect, an embodiment of the present application further provides a high-risk scene management system, including:
a hazard capture module, used for capturing potential safety hazard data of a protective layer in a high-risk scene of a target enterprise from an automated operation system of the target enterprise after a preset potential safety hazard event occurs in the protective layer;
a state determining module, used for analyzing the captured potential safety hazard data of the protective layer based on a related risk analysis means to determine the state of the protective layer in the high-risk scene, wherein the related risk analysis means comprises at least one of a bowtie diagram, layer of protection analysis (LOPA) and a risk matrix;
a risk determination module, used for determining the risk present in the high-risk scene based on the state of the protective layer in the high-risk scene;
and a risk management and control module, used for issuing an early warning for the risk present in the high-risk scene.
The at least one technical scheme adopted by the embodiments of the application has the following effects. On the one hand, after a preset potential safety hazard event occurs in a protective layer in a high-risk scene of the target enterprise, the potential safety hazard data of that layer is captured automatically and promptly from the automated operation system of the target enterprise and analyzed automatically and in real time using a related risk analysis means, so that the state of the protective layer in the high-risk scene is determined. High-risk scene management is thereby combined with the real-time operating data of the target enterprise: monitoring of protective layer state is digitally enabled, the state is audited automatically, and manual inspection is no longer relied on, which greatly improves the efficiency of monitoring protective layer state. On the other hand, the risk present in the high-risk scene is determined automatically from the state of the protective layer and an early warning is issued for it. This realizes online monitoring and dynamic early warning of the safety risk in the high-risk scene, so that a risk manager learns of the risk in time or in advance and can take the relevant management and control measures, which improves risk management and control in the high-risk scene.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
Fig. 1 is a flow chart of a high risk scenario management method according to an embodiment of the present application.
Fig. 2 is a schematic diagram of a bowtie diagram of a risk node constructed in accordance with an embodiment of the present application.
Fig. 3 is a schematic diagram of a data access architecture of a high risk scenario management method according to an embodiment of the present application.
Fig. 4 is a bowtie diagram of a risk node, a vinyl chloride monomer spherical tank, according to an embodiment of the present application.
Fig. 5 is a bowtie diagram of a risk node, i.e., a vinyl chloride monomer spherical tank, according to an embodiment of the present application.
Fig. 6 is a schematic diagram of a level setting of the possibility of accident of an accident link according to one embodiment of the present application.
Fig. 7 is a schematic diagram of a level setting of severity of an accident link according to one embodiment of the present application.
Fig. 8 is a schematic diagram of a risk matrix according to an embodiment of the present application.
Fig. 9 is a flowchart of a high risk scenario management method according to another embodiment of the present application.
Fig. 10 is a schematic diagram showing a display effect of risk dynamic information according to an embodiment of the present application.
Fig. 11 is a flowchart of a high risk scenario management method according to still another embodiment of the present application.
Fig. 12 is a schematic structural diagram of a high risk scenario management system according to an embodiment of the present application.
Fig. 13 is a schematic structural diagram of a high risk scenario management system according to another embodiment of the present application.
Fig. 14 is a schematic structural diagram of a high risk scenario management system according to still another embodiment of the present application.
Fig. 15 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be clearly and completely described below with reference to specific embodiments of the present application and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In order to improve the monitoring efficiency of the state of the protective layer and the management and control effect of the major safety risk, the embodiment of the application provides a high-risk scene management method and a system.
It should be noted that the high-risk scene management method and system provided by the embodiments of the present application may be applied to any setting with high-risk scene management requirements, such as a chemical enterprise that must manage major hazard sources (such as hazardous chemicals), high-risk processes and other risks identified in process hazard analysis, or the "two key points and one major" scenes of a chemical enterprise, that is, hazardous chemical processes under key supervision, hazardous chemicals under key supervision, and major hazard sources.
The embodiments of the application provide a high-risk scene management method and system that combine the automated operation data of chemical enterprises with a safety risk analysis model, so that high-risk scene management is digitally empowered. The aim is to realize online monitoring, dynamic early warning and automatic management and control of major safety risks, to automate the whole process of major risk management, and to maximize the value of the automated operation data. Through a visualized high-risk scene management interface, static risk that previously existed only on paper becomes dynamic and is presented to managers more efficiently and intuitively, giving risk managers a visible handle for managing risk. Details follow.
Firstly, a high risk scene management method provided by the embodiment of the application is explained.
As shown in fig. 1, a high risk scenario management method according to an embodiment of the present application may include:
Step 101, after a preset potential safety hazard event occurs in a protective layer in a high-risk scene of a target enterprise, capturing potential safety hazard data of the protective layer from an automated operation system of the target enterprise.
A target enterprise refers to one or more enterprises (or units) having security risk management requirements for high-risk scenes, which may include, but are not limited to, chemical enterprises. The high-risk scene includes, but is not limited to, the "two key points and one major", i.e., hazardous chemical processes under key supervision, hazardous chemicals under key supervision, and major hazard sources.
High risk scenes are typically provided with a protective layer for preventing the occurrence of the associated risk, and a protective layer for reducing the consequences that result after the occurrence of the associated risk.
In general, the automated operation system of the target enterprise may include, but is not limited to, at least one of the following:
1) A distributed control system (Distributed Control System, DCS);
2) A data acquisition and monitoring control system (Supervisory Control And Data Acquisition, SCADA);
3) Safety instrument interlock systems (Safety Instrumented System, SIS);
4) An alarm system;
5) A patrol (inspection) system.
A protective layer usually consists of three parts: a detection mechanism, a logic judging mechanism and an executing mechanism. Failure of any one part is likely to cause the whole layer to fail, so the failure logic of the protective layer can be determined in advance; this failure logic connects the failure conditions of the different parts of the layer through logical relationships (AND/OR/NOT). Based on those failure conditions (for example, the executing mechanism is operated in violation of the rules and/or a threshold in the logic judging mechanism is modified), the potential safety hazard events that are likely to cause the layer to fail are predefined; these are the preset potential safety hazard events and include, but are not limited to, illegal operation, equipment failure and triggering sequence. The predefined events are then monitored, and the potential safety hazard data they generate (such as the record of illegal operation of the executing mechanism, the threshold in the logic judging mechanism and the triggering sequence of the protective layer) is captured immediately, that is, in real time, within a very short time after the event occurs. Capturing potential safety hazard data in real time means a hazard is discovered as soon as it appears rather than long afterwards. This timeliness lays a solid foundation for determining the state of the protective layer accurately and in real time, so that risks in the high-risk scene are discovered promptly and warned of in advance, which greatly improves risk management and control in the high-risk scene.
As one example, the security risk data for the protective layer includes, but is not limited to, at least one of: personnel violation records, equipment fault records, and wrong protective layer logic sequences.
The fault or personnel illegal operation of the protection layer equipment usually leaves traces or records on the system such as DCS, SIS, SCADA, fire protection, patrol record and the like, so that the purpose of dynamically updating the state of the protection layer in real time can be realized by collecting the data recorded by the system in real time and bringing the data into the protection layer. In general, most of the operational status data of the protective layer is obtained from DCS, SCADA or SIS, a small portion of the operational status data is obtained from an alarm system or a patrol system, and the operational status data stored in the patrol system may be uploaded manually by a patrol personnel. Furthermore, the alarm system may be contained within the DCS or may be a stand-alone system.
As shown in fig. 3, in a specific implementation, state data of equipment related to a protection layer may be collected from a corresponding operation automation system through an industrial data collection software server set in the operation automation system 31 of a target enterprise for different operation automation systems (such as DCS, SCADA or SIS); these status data are then aggregated to the industrial data collection software client 32; the industrial data acquisition software client 32 then writes the status data into the database 33; the high risk scenario management system 30 provided in the embodiment of the present application reads these status data from the database 33 to update the status of the relevant protection layer in real time.
In addition, as shown in fig. 3, a client of the high risk scenario management system 30 (a server) provided in an embodiment of the present application may be installed on the terminal device 34 for use by a client, where the client is a target enterprise.
Step 102, analyzing the captured potential safety hazard data of the protective layer based on a related risk analysis means, and determining the state of the protective layer in the high-risk scene.
Wherein the related risk analysis means may include, but is not limited to, at least one of a bowtie graph, a protective layer analysis (Layer of Protection Analysis, LOPA) and a risk matrix.
Step 103, determining the risk of the high-risk scene based on the state of the protective layer in the high-risk scene.
As an example, if the related risk analysis means includes a bowtie diagram, step 102 may include: splitting the risks that may exist in the high-risk scene to obtain the risk nodes in the high-risk scene; constructing a bowtie diagram for each risk node; and determining the state of the protective layers in the bowtie diagram based on the captured potential safety hazard data, where the state of a protective layer comprises its effectiveness. One bowtie diagram is constructed per risk node; it comprises a top event and at least one accident link with the top event as its accident logic center, and in each accident link protective layers are arranged before and after the top event. In a specific implementation, the major safety risks to be managed by the target enterprise can be split by process flow and production line to obtain a plurality of risk nodes, and a bowtie diagram is then constructed for each of them.
Accordingly, step 103 may include: determining a risk level of an accident link in the bowtie graph based on the state of the protective layer in the bowtie graph; and determining the risk level of the risk node based on the risk level of the accident link in the bow tie diagram.
Bowtie analysis is generally used for managing major hazard sources. The identified protective layers are displayed on the bowtie diagram in the order in which an accident or hazard develops: preventive protective layers on the left, the top event in the middle, and protective layers that reduce the severity of the consequences on the right. Because the process is quite complex, time-consuming and labor-intensive, the bowtie diagram is used for scenario analysis of major hazard sources.
When a bowtie diagram is constructed for a risk node, the top event of the risk node is first clearly defined, and then, taking the top event as the center of the accident logic, all accident links are enumerated. An accident link includes, in order from left to right, an initial event, protective layers, the top event, protective layers, and a consequence. In an accident link, a protective layer located before the top event is used to prevent the top event from occurring, such as preventing loss of primary containment (LOPC), and a protective layer located after the top event is used to reduce the consequences of the top event, such as the consequences of the LOPC. That is, each accident link has protective layers or barriers that prevent the accident from occurring or reduce the severity of its consequences, and their definition and design follow the theory of layer of protection analysis (LOPA). Generally, from left to right, an accident link is designed with intrinsically safe process design, process control, alarm management, safety interlocking, mechanical release, cofferdam, fire control, emergency response plan and the like.
LOPA is a semi-quantitative analysis method that starts from process hazard and risk analysis (Process Hazard Analysis, PHA) and evaluates, for a particular scenario or accident link, whether the risk reduction provided by the protective layers currently designed or in operation meets the enterprise's quantitative criteria. LOPA clearly defines the state of an independent protective layer, which generally includes validity, independence and auditability.
FIG. 2 shows a schematic diagram of a bowtie graph constructed for risk nodes. As shown in fig. 2, the bowtie diagram has 4 accident links as follows:
Accident link 1: threat 1 to outcome 1. An initial event 1 (threat 1), a protection layer 1, a protection layer 2, a top event, a protection layer 5 and a result 1 are arranged on the accident link 1 in sequence from left to right.
Accident link 2: threat 1 to outcome 2. An initial event 1 (threat 1), a protection layer 1, a protection layer 2, a top event, a protection layer 5, a protection layer 6 and a result 2 are arranged on the accident link 2 in sequence from left to right.
Accident link 3: threat 2 to outcome 1. An initial event 1 (threat 2), a protection layer 2, a protection layer 4, a top event, a protection layer 5 and a result 1 are arranged on the accident link 3 in sequence from left to right.
Accident link 4: threat 2 to outcome 2. The accident link 4 is provided with an initial event 1 (threat 1), a protection layer 2, a protection layer 4, a top event, a protection layer 5, a protection layer 6 and a result 2 in sequence from left to right.
As a specific example, for a risk node of a vinyl chloride monomer spherical tank in a chemical enterprise, bow tie diagrams constructed for the risk node are shown in fig. 4 and 5. Referring to fig. 4 and 5, the bow tie diagram of the risk node of the vinyl chloride monomer spherical tank also includes 4 accident links, the 4 accident links take "leakage" as a top event, and protective layers are respectively arranged before and after the "leakage" top event.
Specifically, as shown in fig. 4 or fig. 5, four protective layers, "process design", "overrun alarm + manual intervention", "interlock function" and "physical protection after release", are arranged on the accident link from "equipment failure - high temperature" to "environmental pollution after VCM leakage"; the first three are protective layers for preventing the LOPC, and the fourth is a protective layer for reducing the consequences of the LOPC. On the accident link from "external cause - high temperature" to "VCM leakage has potential fire and explosion risk and causes casualties", five protective layers, "BPCS control loop", "overrun alarm + manual intervention", "mechanical release", "fire system" and "emergency response", are arranged; the first three are protective layers for preventing the LOPC, and the fourth and fifth are protective layers for reducing the consequences of the LOPC.
The state of the protective layer may comprise the effectiveness of the protective layer, which may be characterized by the layer's probability of failure on demand (PFD); that is, the PFD represents the reliability of the protective layer. The PFD takes a value between 0 and 1: the closer it is to 1, the more likely the layer is to fail, and the smaller it is, the more effective the layer. A PFD equal to 1 means the protective layer is certainly in a failed state. A PFD of 0.1 means that in 1 out of 10 demands the layer cannot prevent a process parameter deviation from escalating, or an abnormal condition from leading to a subsequent accident.
On this basis, "determining the state of the protective layer in the bowtie map based on the captured safety hazard data of the protective layer" in step 102 may include: determining the PFD of the protective layer in the bow tie graph based on the captured potential safety hazard data of the protective layer; the effectiveness of the protective layer in the bowtie graph is determined based on the PFD of the protective layer in the bowtie graph.
For example, if the potential safety hazard data captured for a protective layer over 10 consecutive captures shows that the layer's executing mechanism was operated in violation of the rules once, the layer's PFD may be set to 0.1. As another example, a protective layer may fail because of equipment failure: if the instrument transmitter behind an alarm fails, the layer cannot provide a true measured value, and the alarm setpoint can no longer prompt the operator to intervene correctly. Or an operator may shield (suppress) the alarm through illegal operation, so that the alarm is missing when it is needed. In these cases, the embodiment of the application determines that the protective layer has failed, and the PFD representing the risk reduction borne by that layer is temporarily set to 1.
If several protective layers on the same accident link fail at the same time, the PFD of the accident link is set to 1, and the protective layers on that link exist in name only. As in the Swiss cheese model when all the holes line up, the probability of the accident and of its consequences on that link increases markedly.
In addition, the triggering logic of the protective layers may be out of order, for example when a protective layer on the right is triggered first although the protective layer to its left has not been passed. On the accident link from "equipment failure - high temperature" to "environmental pollution after VCM leakage" in fig. 5, for instance, if the "interlock function" is suddenly triggered while the two protective layers to its left are in a normal state, the reliability of the left protective layer is reduced (its PFD is raised from 0.1 to 0.18), and the PFD of the accident link is then calculated using the new PFD of the "overrun alarm" layer on the left. The more often such triggering logic errors occur, the lower the reliability of the affected protective layer (its PFD rises and may approach 1, at which point the layer exists in name only), so that the result better reflects the real operating risk of the node or device.
In addition, for independence and auditability of the protective layer, the determination may also be made based on the relevant data of the protective layer obtained from the specified monitoring system. The definition of independence and auditability may be referred to in the art and is not repeated herein.
Optionally, after determining the state of the protection layer of the risk node, the state of the corresponding protection layer can be correspondingly displayed in the bow tie diagram of the risk node, and which protection layers are normal and which are invalid can be timely displayed to the high-risk scene manager of the target enterprise, so that the high-risk scene manager can 'see' the state of the protection layer, and thus find where the potential safety hazard is in time.
Optionally, when the state of the protective layer is in an abnormal state (such as failure or triggering, etc.), the state of the protective layer may be displayed in a preset highlighting manner (one of the visualization manners), so that the high-risk scene manager of the target enterprise can more quickly "see" the potential safety hazard, for example, as shown in fig. 4 or fig. 5, the protective layer in the "failure" state may be highlighted by filling, flashing, etc., where the filling manner may include, but is not limited to, a pattern and/or a color. Normally, the normal state of the protective layer can be displayed with green fill, while the failure state of the protective layer can be displayed with red fill.
Alternatively, the state of the protective layer updated in real time may be displayed below the corresponding protective layer. Specifically, as shown in fig. 4, on the accident link from "equipment failure-high temperature" to "polluted environment after VCM leakage", the status of the protection layer is "normal (i.e. valid)" can be displayed under the three protection layers of "process design", "interlock function" and "physical protection after release", while for the protection layer of "overrun alarm+manual intervention", if the validity is limited, the status of the protection layer is "failure" can be displayed under the protection layer; in addition, as shown in fig. 4, if the protection layer for reducing the severity of the LOPC consequences, i.e., the physical protection after the discharge (e.g., cofferdam or dam), fails, the state thereof is also shown as "failure" below it.
It can be seen that in the bow tie diagram shown in fig. 4, 2 of the 4 protective layers on the accident link from 'equipment failure - high temperature' to 'polluted environment after VCM leakage' have failed (PFD equal to 1), so on this accident link the probability of an accident is reduced only by the remaining 2 effective protective layers, and the PFD of the link is determined by the occurrence probability of the initial event and those 2 layers.
In theory, no protective layer is 100% reliable, so an accident remains possible no matter how many protective layers an accident link has. In general, the probability of an accident on an entire accident link is the product of the PFDs of all its protective layers and the probability of the initial event occurring. That is, every protective layer can fail; when several protective layers on an accident link fail at the same time, then according to the Swiss cheese model used in safety production management, the likelihood that the initial cause ultimately leads to casualties, environmental pollution, reputational damage and property loss increases step by step, and according to the arrangement of the risk matrix, a higher likelihood at unchanged consequence severity means a higher risk.
As described above, in the bowtie, an accident link comprises, in order from left to right, an initial event, a protective layer, a top event, a protective layer, and a consequence; on this basis, if the status of the protective layer includes the validity of the protective layer, and the validity of the protective layer is characterized by the PFD of the protective layer, then "determining the risk level of the accident link in the bowtie based on the status of the protective layer in the bowtie" in step 103 may include: for any accident link in the bow tie diagram, determining the possibility of accident of the accident link based on a first formula; the risk level of the incident link is determined based on the likelihood of the incident and the severity of the consequences of the incident link.
Wherein, the first formula is:
$$PFD_i = P_{i1} \times PFD_{i1} \times PFD_{i2} \times \dots \times PFD_{ij} \times \dots \times PFD_{im}$$
where $PFD_i$ denotes the likelihood of an accident on the i-th accident link, $P_{i1}$ denotes the likelihood of the initial event occurring on the i-th accident link, and $PFD_{ij}$ denotes the failure probability of the j-th protective layer on the i-th accident link, with i = 1, 2, …, n and j = 1, 2, …, m, where n is the total number of accident links in a bow tie diagram and m is the number of protective layers on the i-th accident link.
Taking the bow tie diagram shown in fig. 2 as an example, the likelihood of an accident on each of the 4 accident links can be calculated with the first formula, with the following results:
For accident link 1, which passes through protective layer 1, protective layer 2, protective layer 3 and protective layer 5, the likelihood of an accident is:
$$PFD_1 = P_1 \times PFD_{11} \times PFD_{12} \times PFD_{13} \times PFD_{15}$$
For accident link 2, which passes through protective layer 1, protective layer 2, protective layer 3, protective layer 5 and protective layer 6, the likelihood of an accident is:
$$PFD_2 = P_1 \times PFD_{21} \times PFD_{22} \times PFD_{23} \times PFD_{25} \times PFD_{26}$$
For accident link 3, which passes through protective layer 2, protective layer 4 and protective layer 5, the likelihood of an accident is:
$$PFD_3 = P_2 \times PFD_{32} \times PFD_{34} \times PFD_{35}$$
For accident link 4, which passes through protective layer 2, protective layer 4, protective layer 5 and protective layer 6, the likelihood of an accident is:
$$PFD_4 = P_2 \times PFD_{42} \times PFD_{44} \times PFD_{45} \times PFD_{46}$$
In the bow tie diagram shown in fig. 2, the accident links share protective layers, so the following equalities hold in the formulas for the 4 accident links:
$$PFD_{11} = PFD_{21}$$
$$PFD_{22} = PFD_{32} = PFD_{42}$$
$$PFD_{13} = PFD_{23}$$
$$PFD_{34} = PFD_{44}$$
$$PFD_{25} = PFD_{35} = PFD_{45}$$
$$PFD_{26} = PFD_{46}$$
Further, where the related risk analysis means also includes a risk matrix, determining the risk level of the accident link based on the likelihood of an accident on the accident link and the severity of the consequence may include: querying the risk matrix based on the likelihood of an accident on the accident link and the severity of the consequence to determine the risk level of the accident link, wherein the risk matrix stores the correspondence among accident likelihood, consequence severity and risk level.
In a specific implementation, the likelihood levels of an accident on an accident link, the severity levels of the consequences of such an accident, and the risk levels of an accident link can be set in advance, and the correspondence among them defined, to obtain the risk matrix. In this way, once the likelihood of an accident on an accident link and the severity of the consequence have been determined, the risk level of the accident link can be obtained by querying the risk matrix.
Fig. 6 shows a schematic view of the probability level setting of an accident link. The setting schematic diagram is a setting interface provided by the high-risk scene management system provided by the embodiment of the application, related management personnel can flexibly set the possibility level of accident of the accident link through the interface, and the number of levels can be added or subtracted according to actual needs.
As shown in fig. 6, as an example, when the probability of an accident on the accident link is in [0.00001, 0.0001], the probability level of the accident link is set to 1 and denoted by F1; when the probability is in [0.0001, 0.001], the probability level is set to 2 and denoted by F2; when the probability is in [0.001, 0.01], the probability level is set to 3 and denoted by F3; when the probability is in [0.01, 0.10], the probability level is set to 4 and denoted by F4; and when the probability is in [0.10, 1.0], the probability level is set to 5 and denoted by F5.
Fig. 7 shows a schematic of a severity level setting for an incident link incident. The setting schematic diagram is also a setting interface provided by the high-risk scene management system provided by the embodiment of the application, and related management personnel can flexibly set the severity level of the accident link through the interface, and the number of the levels can be added or subtracted according to actual needs.
As an example, as shown in FIG. 7, 5 severity levels may be set according to the severity of the incident occurrence, and may be sequentially denoted by C1, C2, C3, C4, and C5 in order of severity from high to low.
It should be noted that, the qualitative classification of the severity of the accident result may refer to the relevant standard, for example, the method for classifying the severity of the accident result as shown in table 1 below may be set with reference to the relevant standard.
TABLE 1 method for grading severity of accident consequences
Fig. 8 shows a schematic diagram of a risk matrix according to an embodiment of the present application. The risk matrix can be checked in a high-risk scene management system provided by the embodiment of the application. As shown in fig. 8, on the basis of the accident probability level and the result severity level of the accident link defined in fig. 6 and 7, a risk matrix as shown in fig. 8 may be set, in which V1 to V5 respectively represent 5 risk levels, where V1 represents the lowest risk level and V5 represents the highest risk level, and when the accident-caused result severity is unchanged, an increase in the accident probability may result in an increase in the risk level, and similarly, when the accident probability is unchanged, an increase in the accident-caused result severity may result in an increase in the risk level.
Alternatively, as shown in fig. 8, in the risk matrix, different display effects may be set according to the level of risk, for example, as the risk level increases, the risk level may be displayed with a more prominent filling color or filling pattern (as in fig. 8). Specifically, for V1, light green may be filled; for V2, dark green may be filled; for V3, yellow may be filled; for V4, orange may be filled; red may be filled for V5. Accordingly, when the top events of accident links or risk nodes with different risk levels are displayed in the bowtie diagram, filling display can be performed in this way. It can be understood that by means of the highlighting display, a manager can find corresponding hidden dangers or risks at the first time, and timely check and eliminate the hidden dangers or risks, so that the management and control effect of the important safety risks is further improved.
Accordingly, determining the risk level of the risk node based on the risk levels of the accident links in the bow tie diagram in step 103 may include: determining the highest risk level among the accident links in the bow tie diagram; and taking that highest risk level as the risk level of the risk node.
Of course, the risk level of the risk node may be determined in other manners, for example, different weights are given to different accident links, then the possibility of risk occurrence of the risk node is determined by weighting and summing the possibility of accident occurrence of at least one accident link, and then the risk level of the risk node is determined according to the possibility of risk occurrence of the risk node.
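The calculation chain described above (first formula, likelihood level, risk matrix query, node level as the highest link level) can be sketched as follows. This is an added example, not code from the application: the link structure follows the Fig. 2 description and the F1 to F5 bands follow Fig. 6, while the risk matrix cells, the probabilities, the severity assignments and all identifiers are constructed for illustration.

```python
from bisect import bisect_right
from dataclasses import dataclass
from math import prod

# Boundaries between the likelihood bands F1..F5 listed for Fig. 6.
# The bands share end points; this example assigns a boundary value to the
# higher level and treats anything below 0.0001 as F1 (both are assumptions).
LEVEL_BOUNDS = [0.0001, 0.001, 0.01, 0.10]

# Constructed risk matrix (the cells of Fig. 8 are not given on the page).
# Rows: F1..F5. Columns: C1..C5, C1 being the most severe. Values: V1..V5.
RISK_MATRIX = [
    [3, 2, 2, 1, 1],
    [4, 3, 2, 2, 1],
    [5, 4, 3, 2, 2],
    [5, 4, 4, 3, 2],
    [5, 5, 4, 4, 3],
]


@dataclass(frozen=True)
class AccidentLink:
    name: str
    initial_event: str
    layers: tuple   # protective-layer ids, left to right
    severity: int   # 1..5 for C1..C5 (constructed assignment)


# Link structure of the Fig. 2 example. Shared layers are stored once, so
# PFD_11 = PFD_21, PFD_22 = PFD_32 = PFD_42, etc. hold by construction.
LINKS = [
    AccidentLink("link 1", "event 1", ("L1", "L2", "L3", "L5"), 2),
    AccidentLink("link 2", "event 1", ("L1", "L2", "L3", "L5", "L6"), 3),
    AccidentLink("link 3", "event 2", ("L2", "L4", "L5"), 1),
    AccidentLink("link 4", "event 2", ("L2", "L4", "L5", "L6"), 4),
]
# Constructed probabilities (not from the page).
P_INITIAL = {"event 1": 0.1, "event 2": 0.5}
LAYER_PFD = {"L1": 0.1, "L2": 0.1, "L3": 0.01, "L4": 0.1, "L5": 0.1, "L6": 0.1}


def _probability(label, value):
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"{label} must be a probability in [0, 1], got {value}")
    return value


def link_likelihood(link, p_initial, layer_pfd, failed=frozenset()):
    """First formula: PFD_i = P_i1 * PFD_i1 * ... * PFD_im.
    A failed layer gives no risk reduction, so its PFD is taken as 1."""
    p = _probability(link.initial_event, p_initial[link.initial_event])
    pfds = [1.0 if layer in failed else _probability(layer, layer_pfd[layer])
            for layer in link.layers]
    return p * prod(pfds)


def likelihood_level(p):
    """Map a likelihood to its level number (1..5 for F1..F5)."""
    return 1 + bisect_right(LEVEL_BOUNDS, _probability("likelihood", p))


def assess_node(links, p_initial, layer_pfd, failed=frozenset()):
    """Return ({link name: (likelihood, F level, V level)}, node V level).
    The node takes the highest risk level among its accident links."""
    if not links:
        raise ValueError("a risk node needs at least one accident link")
    result = {}
    for link in links:
        p = link_likelihood(link, p_initial, layer_pfd, failed)
        f = likelihood_level(p)
        result[link.name] = (p, f, RISK_MATRIX[f - 1][link.severity - 1])
    return result, max(v for _, _, v in result.values())


if __name__ == "__main__":
    for failed in (frozenset(), frozenset({"L2"})):
        per_link, node = assess_node(LINKS, P_INITIAL, LAYER_PFD, failed)
        print("failed layers:", sorted(failed) or "none", "-> node risk V%d" % node)
        for name, (p, f, v) in per_link.items():
            print(f"  {name}: likelihood={p:.2e} F{f} V{v}")
```

Because layer L2 sits on all four links, marking it as failed raises the likelihood of every link at once, which is why a single shared layer can move the node from V4 to V5 in this constructed data.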
Step 104, early warning is carried out on risks existing in the high-risk scene.
As an example, step 104 may include: issuing an alarm in a preset manner when a preset alarm condition is met.
Wherein the preset alarm condition may include, but is not limited to, at least one of:
at least one protective layer in the accident link fails;
the risk level of the accident link is higher than a preset level;
the risk level of the risk node is higher than a preset level.
The preset alarm mode may include, but is not limited to, sending a short message, a mail, making an AI phone call, etc. to the responsible person.
It can be understood that under the condition that the protective layer fails, alarming (such as pushing alarm information) is carried out to the responsible person, so that the responsible person can timely check and eliminate related hidden danger; under the condition that the risk level of the accident link and/or the risk node is higher than the preset level, alarming is carried out to the responsible person, so that the responsible person can take relevant measures in time to carry out accident prevention or accident handling (such as timely evacuating production personnel and the like) so as to avoid or minimize the consequences of the accident occurrence and minimize the loss of various aspects of the target enterprise. Therefore, the high-risk scene management method provided by the embodiment of the application not only can realize online detection of risks, but also can realize dynamic early warning of risks.
As another example, the protective layers on each accident link in the bow tie diagram are arranged from left to right according to LOPA theory. If a factor that induces the top event of an accident link occurs (such as a process parameter deviation: high temperature, high liquid level, low flow rate, etc.), the protective layers on that link should take effect one after another from left to right, preventing the deviation from growing into harm and thereby avoiding more serious consequences. If the order in which they take effect is wrong, the designed process package may be flawed and may not fully take the LOPA standard into account. Step 104 may therefore include: when the protective layers of any accident link in the bow tie diagram take effect in the wrong order, issuing prompt information that the process package design corresponding to that accident link is wrong, the prompt information including that the process package design corresponding to the accident link does not comply with the LOPA standard. In addition, once the order of preceding and following protective layers is wrong, the inherent failure probability of the protective layers changes.
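One way to detect the wrong effective order described above from trigger records, as an added example that is not part of the application: the layer names, timestamps and function names are constructed, and only layers that emit trigger records are modelled. The page states that the PFD of the affected left layer rises with the number of such errors but gives no formula for it, so the code only counts the errors per affected layer.

```python
from collections import Counter

# Constructed accident link: layers that emit trigger records, left to right.
LINK_LAYERS = ("process control", "overrun alarm",
               "interlock function", "mechanical release")

# Constructed episodes: (layer, seconds after the deviation was first seen).
EP_IN_ORDER = [("process control", 5.0), ("overrun alarm", 20.0),
               ("interlock function", 45.0)]
EP_INTERLOCK_EARLY = [("process control", 5.0), ("interlock function", 12.0),
                      ("overrun alarm", 30.0)]
EP_INTERLOCK_ONLY = [("interlock function", 3.0)]


def first_trigger_times(link_layers, records):
    """Earliest trigger time per layer; reject records for unknown layers."""
    first = {}
    for layer, at in records:
        if layer not in link_layers:
            raise ValueError(f"record for unknown layer: {layer!r}")
        if layer not in first or at < first[layer]:
            first[layer] = at
    return first


def order_errors(link_layers, records):
    """Return [(layer, (left layers it overtook, ...)), ...] for one episode.
    A layer overtakes a left neighbour if it triggered while that neighbour
    had not triggered yet, or never triggered in the episode."""
    first = first_trigger_times(link_layers, records)
    errors = []
    for idx, layer in enumerate(link_layers):
        if layer not in first:
            continue
        overtaken = tuple(left for left in link_layers[:idx]
                          if left not in first or first[left] > first[layer])
        if overtaken:
            errors.append((layer, overtaken))
    return errors


def design_prompt(link_name, link_layers, records):
    """Prompt text for step 104, or None when the order is correct."""
    errors = order_errors(link_layers, records)
    if not errors:
        return None
    detail = "; ".join(
        f"'{layer}' took effect before {', '.join(repr(l) for l in left)}"
        for layer, left in errors)
    return (f"Accident link '{link_name}': process package design does not "
            f"comply with the LOPA standard ({detail})")


def overtaken_counts(link_layers, episodes):
    """Per left layer, the number of episodes in which it was overtaken."""
    counts = Counter()
    for records in episodes:
        hit = {left for _, overtaken in order_errors(link_layers, records)
               for left in overtaken}
        counts.update(hit)
    return counts


if __name__ == "__main__":
    episodes = [EP_IN_ORDER, EP_INTERLOCK_EARLY, EP_INTERLOCK_ONLY]
    for ep in episodes:
        print(design_prompt("high temperature to VCM leakage", LINK_LAYERS, ep))
    print(dict(overtaken_counts(LINK_LAYERS, episodes)))
```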
With the high-risk scene management method provided by the embodiment of the application, on the one hand, after a preset potential safety hazard event occurs on a protective layer in a high-risk scene of the target enterprise, the potential safety hazard data of that protective layer is captured automatically and promptly from the automated operation system of the target enterprise and analyzed automatically in real time using the related risk analysis means to determine the state of the protective layers in the high-risk scene. High-risk scene management is thus combined with the real-time operating data of the target enterprise, the state of the protective layers is monitored digitally and audited automatically without relying on manual inspection, and the efficiency of monitoring protective-layer state is greatly improved. On the other hand, the risk existing in the high-risk scene is determined automatically from the state of the protective layers and an early warning is issued for it, which achieves online monitoring and dynamic early warning of the safety risks in the high-risk scene, lets risk managers learn of those risks in time or in advance, and makes it easier to take the relevant control measures, thereby improving the risk management and control effect for high-risk scenes.
Optionally, as shown in fig. 9, the method for managing a high risk scene provided in the embodiment of the present application may further include:
Step 105, providing a visual high-risk scene management interface.
The high-risk scene management interface is used for providing preset risk management functions for the target enterprise for management staff of the target enterprise.
Wherein the preset risk management functions include, but are not limited to, at least one of:
1) A risk dynamic information display function;
the risk dynamic information displayed by the risk dynamic information display function can be flexibly set. As an example, the risk dynamic information presented by the risk dynamic information presentation function may include, but is not limited to, at least one of:
high risk nodes in the target enterprise;
the distribution of risk nodes of different risk levels in the target enterprise;
risk trends at different levels in the target enterprise, the levels including at least one of enterprise level, department level, and risk node level.
For example, the risk dynamic information described above may be displayed in the display interface shown in fig. 10. Specifically, as shown in fig. 10, the interfaces may respectively display: high risk nodes, target enterprise numbers, significant risk source numbers, risk node numbers at a highest risk level (e.g., V5), risk node numbers at a next highest risk level (e.g., V4), risk node distribution, enterprise level risk trends, department level risk trends, and node level risk trends.
In addition, as shown in fig. 10, more high risk nodes or more risk node distribution can be checked by dragging the scroll bar; under the condition that the number of enterprises is multiple, switching of different enterprises can be performed in the enterprise-level risk trend display area so as to display the risk trends of different enterprises according to needs, and similarly, clicking switching can be performed in the corresponding display area under the condition that the number of departments and the number of risk nodes are multiple, and the like.
It can be understood that if the risk dynamic information of the target enterprise is displayed on the display interface, a manager can intuitively grasp the major safety risk condition in the target enterprise, so that the aim of controlling any major safety risk is achieved, and the safe production and the protection of the target enterprise are ensured.
2) A risk statistics function;
as one example, the risk statistics function may include, but is not limited to, at least one of:
displaying a risk statistical result;
generating a risk statistics report;
downloading a risk statistics report.
The dimension of the risk statistics may include, but is not limited to, at least one of:
related events of high risk nodes;
historical risk trends for the risk nodes;
Historical events of the risk node;
a protective layer state change event.
Specifically, the result of the risk statistics may be shown in the form of a graph, a table, etc., and the risk statistics report may include a graph and/or a table obtained by statistics. Taking statistics of related events of high risk nodes as an example, the statistics may include what is shown in table 1 below.
Table 1 list of relevant event statistics for high risk nodes
It should be noted that the dimension of the risk statistics and the display form of the statistics results may be flexibly set according to the needs, and are not limited to the above examples.
3) A risk node management function;
as one example, the risk node management functions may include, but are not limited to, at least one of:
a risk node list display function, wherein the list can be displayed by dimensions such as the name, function and characteristics of a risk node, and clicking a related button or option jumps to an interface displaying the bow tie diagram of the risk node;
a configuration function for information related to a risk node, wherein the related information can include the risk likelihood levels, the accident severity levels, the risk matrix and the like, and can also include the top event, protective layers and the like corresponding to the risk node, from which the bow tie diagram is generated;
a post configuration function for the operation and maintenance personnel corresponding to a risk node, such as configuring the person responsible for the risk node.
4) The information display function of the target enterprise, wherein the information of the target enterprise can comprise information such as the name and industry of the target enterprise.
It can be understood that a visual high-risk scene management interface that offers managers of the target enterprise the risk dynamic information display function, the risk statistics function, the risk node management function, the target enterprise information display function and so on gives those managers an extremely convenient handle for managing high-risk scenes. Managers can see the risks and have a clear picture of the risks existing in the high-risk scenes of the target enterprise; the risk situation is clear at a glance from the visual interface, which helps managers further improve the efficiency of safety risk management.
Optionally, as shown in fig. 11, the method for managing a high risk scene provided in the embodiment of the present application may further include:
Step 106, in response to a designated operation on a risk node in the high-risk scene management interface, displaying the bow tie diagram of the risk node.
Wherein the specified operation may include, but is not limited to, one or more of clicking, dragging, etc.
Optionally, at least one of the following may be displayed on the bowtie in a preset visual manner:
the current state of the protective layer;
risk level of the accident link;
risk level of risk node, etc.
Optionally, different visual modes can be used for different states of a protective layer, and the higher the likelihood that the protective layer fails, the more striking the display of its state; accident links with different risk levels can be displayed in different visual modes, and the higher the risk level, the more striking the display of the accident link; for risk nodes with different risk levels, the top event can be displayed in different visual modes, and the higher the risk level, the more striking the display of the top event.
As an example, after a specified operation is performed on a risk node in the display interface, the interface jumps to another display interface that includes a bow tie diagram as shown in fig. 4 or fig. 5.
As shown in fig. 4 or 5, the protective layer in the "failed" state may be highlighted by padding, flashing, etc., where the padding may include, but is not limited to, a pattern or color. In general, the normal state of the protective layer may be displayed in green and the failure state of the protective layer may be displayed in red.
For another example, for an accident link with a risk level V1, the connection line of the accident link may be displayed as light green; for accident links with risk level V2, the connection lines of the accident links may be displayed as dark green; for an accident link with a risk level of V3, the connection line of the accident link may be displayed as yellow; for an accident link with a risk level of V4, the connection line of the accident link may be displayed as orange; for an accident link with a risk level V5, the connection line of the accident link may be displayed in red.
Similarly, for a risk node with a risk level of V1, the periphery of its top event may be filled with light green (represented by the pattern fill in figs. 4 and 5); for a risk node with a risk level of V2, the periphery of its top event may be filled with dark green; for a risk node with a risk level of V3, the periphery of its top event may be filled with yellow; for a risk node with a risk level of V4, the periphery of its top event may be filled with orange; for a risk node with a risk level of V5, the periphery of its top event may be filled with red.
It can be understood that by means of the visual display mode, management personnel can find potential safety hazards such as protection layer failure and the like and corresponding levels of safety risks at the first time, and timely check and eliminate the potential safety hazards, so that the management and control effect of important safety risks is further improved.
Optionally, the method for managing a high-risk scene provided by the embodiment of the present application may further include: managing and controlling the risks existing in the high-risk scene.
For example, in the event that one or more incident links and/or risk nodes have a risk level above a preset level, relevant management measures are initiated to perform risk management on the incident links and/or risk nodes.
In particular, the risk existing in the high-risk scene can be managed from at least one of the following two layers:
A first layer: when the risk of the high-risk scene rises (for example, one or more accident links and/or risk nodes are higher than a preset level), starting emergency measures to manage the risks existing in the high-risk scene.
A second layer: performing statistical analysis on the risks existing in the high-risk scene at a preset period and, based on the result of the statistical analysis, starting routine measures to manage the risks existing in the high-risk scene. Alternatively, the high-risk scene management method provided by the embodiment of the application can be executed periodically to manage the risks existing in the high-risk scene.
It can be understood that the risk is automatically managed and controlled by starting the related measures, so that the occurrence of related risk events can be timely avoided, or the influence caused by the occurrence of the related risk events is reduced, and the management and control effect is improved.
It should be noted that the steps of the high-risk scene management method provided by the embodiment of the present application may all be performed by one electronic device or by different electronic devices; specifically, some steps may be performed by a server of the high-risk scene management system provided by the embodiment of the present application, and some steps may be performed by a client of that system.
The embodiment of the application provides a high-risk scene management method, and on the basis of the high-risk scene management method, the embodiment of the application also provides a high-risk scene management system, and the description is given below.
As shown in fig. 12, a high risk scenario management system according to an embodiment of the present application may include: the hidden danger grabbing module 1201, the state determining module 1202, the risk determining module 1203 and the risk early warning module 1204.
The hidden danger grabbing module 1201 is configured to grab potential safety hazard data of a protection layer in a high risk scenario of a target enterprise from an automated operation system of the target enterprise after a preset potential safety hazard event occurs in the protection layer.
A target enterprise refers to one or more enterprises (or units) that need to manage the safety risks of high-risk scenes, and may include, but is not limited to, chemical enterprises. High-risk scenes include, but are not limited to, the "two key points and one major", i.e., key monitored hazardous chemical processes, key monitored hazardous chemicals, and major hazard sources.
High risk scenes are typically provided with a protective layer for preventing the occurrence of the associated risk, and a protective layer for reducing the consequences that result after the occurrence of the associated risk.
In general, the automated operation system of the target enterprise may include, but is not limited to, at least one of the following:
1) A distributed control system (Distributed Control System, DCS);
2) A data acquisition and monitoring control system (Supervisory Control And Data Acquisition, SCADA);
3) Safety instrument interlock systems (Safety Instrumented System, SIS);
4) An alarm system;
5) A patrol system.
As one example, the potential safety hazard data of the protective layer includes, but is not limited to, at least one of: personnel violation records, equipment fault records, and wrong protective layer logic sequences.
Faults of protective-layer equipment and personnel violations usually leave traces or records in systems such as the DCS, SIS, SCADA, fire protection system and patrol records, so collecting the data recorded by these systems in real time and feeding it into the protective layers makes it possible to update the state of the protective layers dynamically in real time. In general, most of the operational status data of the protective layers is obtained from the DCS, SCADA or SIS, and a small portion is obtained from the alarm system or the patrol system; the operational status data stored in the patrol system may be uploaded manually by patrol personnel.
The state determining module 1202 is configured to analyze the captured potential safety hazard data of the protection layer based on a related risk analysis means, and determine a state of the protection layer in the high-risk scene.
Wherein the related risk analysis means may include, but is not limited to, at least one of a bowtie graph, a protective layer analysis (Layer of Protection Analysis, LOPA) and a risk matrix. The safety hazards presented by high risk scenarios may include, but are not limited to, protective layer failure.
The risk determination module 1203 is configured to determine, based on the state of the protective layer in the high risk scene, a risk existing in the high risk scene.
As an example, if the related risk analysis means includes a bowtie graph, the state determination module 1202 may include: the risk dismantling sub-module, the bow tie diagram construction sub-module and the protection layer state determination sub-module; the risk determination module 1203 may include: a first risk determination sub-module and a second risk determination sub-module.
The risk dismantling sub-module is used for breaking down the risks that may exist in the high-risk scene to obtain the risk nodes existing in the high-risk scene.
The bow tie diagram construction submodule is used for constructing a bow tie diagram aiming at the risk nodes, wherein one risk node correspondingly constructs the bow tie diagram, the bow tie diagram comprises a top event and at least one accident link taking the top event as an accident logic center, and protective layers are respectively arranged in front of and behind the top event in the accident link.
Bow tie analysis is generally used for managing major hazard sources. The identified protective layers can be displayed on a bow tie diagram in the order in which accidents or hidden dangers develop, with the preventive protective layers on the left, the top event in the middle, and the protective layers that reduce the severity of the consequences on the right. Because the process is quite complex, time-consuming and labor-intensive, bow tie diagrams are used for scenario analysis of major hazard sources.
When a bow tie diagram is constructed for a risk node, the top event of the risk node is first defined clearly, and then, with the top event as the center of the accident logic, all accident links are enumerated. An accident link includes, in order from left to right, an initial event, a protective layer, a top event, a protective layer, and a consequence. In an accident link, a protective layer located before the top event is used to prevent the top event from occurring, such as preventing source device leakage (Loss of Primary Containment, LOPC), and a protective layer located after the top event is used to reduce the consequences of the top event, such as reducing the consequences of the LOPC. That is, each accident link has protective layers or barriers that prevent the accident from occurring or reduce the severity of the consequences, and their definition and design follow the theory of protective layer analysis (Layer of Protection Analysis, LOPA). Generally, from left to right, an accident link is designed with, in sequence, an intrinsic safety process, process control, alarm management, safety interlocking, mechanical release, cofferdam, fire control, emergency response plan and the like.
LOPA is a semi-quantitative analysis method that begins with process hazard and risk analysis (Process Hazard Analysis, PHA) and evaluates whether the extent of risk reduction of a protective layer currently in design or operation meets the requirements of enterprise quantification standards for a particular scenario or an accident link. LOPA has a well-defined state of the independent protective layer, which generally includes validity, independence and auditability.
The protective layer state determining submodule is used to determine the state of the protective layer in the bow tie diagram based on the captured potential safety hazard data of the protective layer, wherein the state of the protective layer comprises the effectiveness of the protective layer.
Specifically, the effectiveness of the protective layer may be represented by the probability of failure (PFD) of the protective layer. In that case the protective layer state determining submodule is specifically used to: determine the PFD of the protective layers in the bow tie diagram based on the captured potential safety hazard data of the protective layers, where the closer the PFD of a protective layer is to 1, the higher the probability that the protective layer fails; and determine the effectiveness of the protective layers in the bow tie diagram based on their PFD.
For example, if the potential safety hazard data captured for a protective layer on 10 consecutive occasions shows that the actuator of the protective layer was operated against the rules once, the PFD of the protective layer may be set to 0.1. As another example, some protective layers fail because of equipment failure, such as a failed instrument transmitter behind an alarm: the protective layer can no longer provide a true measured value, so a correctly set alarm value cannot prompt the operator to take the correct intervention. Alternatively, an operator may shield the alarm in violation of the rules, so that the alarm is missed when it is needed. In these cases, the embodiment of the application determines that the protective layer has failed, and the PFD of the risk reduction borne by the protective layer is temporarily set to 1.
If several protective layers on the same accident link fail at the same time, the PFD of the accident link is set to 1, so that the protective layers of the accident link exist in name only. Once all the holes line up, as in the Swiss cheese model, the probability that the accident and its consequences occur on the accident link increases markedly.
In addition, the independence and auditability of the protective layer may also be determined based on the status data of the protective layer obtained from a specified monitoring system. The definitions of independence and auditability can be found in the related art and are not repeated here.
Optionally, after the state of the protective layers of a risk node is determined, the state of each protective layer can be displayed in the bow tie diagram of the risk node, so that the high-risk scene manager of the target enterprise can see promptly which protective layers are normal and which have failed and can locate the potential safety hazard in time. This gives the high-risk scene manager a practical handle for finding potential safety hazards as early as possible, so that they can be found and eliminated early, which improves the effectiveness of major safety risk management and control.
Optionally, when a protective layer is in an abnormal state (such as failed or triggered), its state may be displayed in a preset highlighting manner (one of the visualization manners), so that the high-risk scene manager of the target enterprise can discover the potential safety hazard more quickly. For example, as shown in fig. 4 or fig. 5, a protective layer in the "failure" state may be highlighted by filling, flashing, etc., where the filling may include, but is not limited to, patterns and/or colors. Normally, the normal state of a protective layer can be displayed with a green fill and the failure state with a red fill.
In theory, no protective layer is 100% reliable, so an accident remains possible no matter how many protective layers an accident link has. In general, the probability of an entire accident link is the product of the PFDs of all its protective layers and the probability of the initial event occurring. That is, each protective layer may fail. When several protective layers on an accident link fail at the same time, then according to the Swiss cheese model used in safety production management, the likelihood that the initial cause finally leads to casualties, environmental pollution, loss of reputation and property loss gradually increases. According to the arrangement of the risk matrix, when the severity of the consequence is unchanged, an increase in likelihood raises the risk.
The first risk determination submodule is used to determine the risk level of the accident link in the bow tie diagram based on the state of the protective layer in the bow tie diagram.
Specifically, in the bowtie graph, an accident link sequentially includes, from left to right, an initial event, a protection layer, a top event, a protection layer, and a result, and accordingly, the first risk determination submodule may include:
a possibility determining unit, configured to determine, for any one of the accident links in the bowtie graph, a possibility of occurrence of an accident for the accident link based on a first formula;
and the first risk determining unit is used for determining the risk level of the accident link based on the possibility of accident occurrence of the accident link and the severity of the consequences.
Wherein, the first formula is:
$$PFD_i = P_{i1} \times PFD_{i1} \times PFD_{i2} \times \cdots \times PFD_{ij} \times \cdots \times PFD_{im}$$
where $PFD_i$ denotes the likelihood of an accident on the $i$-th accident link, $P_{i1}$ denotes the likelihood of the initial event occurring in the $i$-th accident link, $PFD_{ij}$ denotes the failure probability of the $j$-th protective layer in the $i$-th accident link, $i = 1, 2, \ldots, n$, $j = 1, 2, \ldots, m$, $n$ denotes the total number of accident links in a bow tie diagram, and $m$ denotes the number of protective layers in the $i$-th accident link.
Further, the first risk determining unit may be specifically configured to: query a risk matrix based on the likelihood of an accident on the accident link and the severity of the consequence, and determine the risk level of the accident link, wherein the risk matrix stores the correspondence among the likelihood of an accident, the severity of the consequence and the risk level.
In a specific implementation, the levels of likelihood of an accident on an accident link, the levels of severity of the consequences after an accident on the accident link, and the risk levels of an accident link can be set in advance, and the correspondence among them can be defined to obtain the risk matrix. In this way, after the likelihood of an accident on an accident link and the severity of the consequence are determined, the risk level of the accident link can be obtained by querying the risk matrix.
The second risk determination submodule is used to determine the risk level of the risk node based on the risk level of the accident link in the bow tie diagram.
As an example, the second risk determination submodule is specifically operable to: determining a highest risk level of an accident link in the bowtie graph; and determining the highest risk level as the risk level of the risk node so as to more accurately give the risk level of the risk node.
Of course, the risk level of the risk node may be determined in other manners, for example, different weights are given to different accident links, then the possibility of risk occurrence of the risk node is determined by weighting and summing the possibility of accident occurrence of at least one accident link, and then the risk level of the risk node is determined according to the possibility of risk occurrence of the risk node.
The risk early warning module 1204 is used to give early warning of the risk existing in the high-risk scene.
As one example, the risk early warning module 1204 may be used to raise an alarm in a preset manner when a preset alarm condition is met.
The preset alarm condition may include, but is not limited to, at least one of:
at least one protective layer in the accident link fails;
the risk level of the accident link is higher than a preset level;
the risk level of the risk node is higher than a preset level.
The preset alarm mode may include, but is not limited to, sending a short message, a mail, making an AI phone call, etc. to the responsible person.
It can be understood that under the condition that the protective layer fails, alarming (such as pushing alarm information) is carried out to the responsible person, so that the responsible person can timely check and eliminate related hidden danger; under the condition that the risk level of the accident link and/or the risk node is higher than the preset level, alarming is carried out to the responsible person, so that the responsible person can take relevant measures in time to carry out accident prevention or accident handling (such as timely evacuating production personnel and the like) so as to avoid or minimize the consequences of the accident occurrence and minimize the loss of various aspects of the target enterprise. Therefore, the high-risk scene management method provided by the embodiment of the application not only can realize online detection of risks, but also can realize dynamic early warning of risks.
As another example, the protective layers on each accident link are arranged from left to right in the bow tie diagram according to LOPA theory. If a factor that induces the top event in the accident link occurs (such as a deviation of process parameters: high temperature, high liquid level, low flow rate, etc.), the protective layers on the accident link should take effect one after another in order from left to right, preventing the deviation from expanding further into damage and thereby avoiding more serious consequences. If the order in which they take effect is incorrect, the designed process package may be problematic and may not have fully considered the LOPA criteria. The risk early warning module 1204 may therefore be configured to: when the order in which the protective layers of any accident link in the bow tie diagram take effect is wrong, give prompt information that the process package design corresponding to the accident link is wrong, the prompt information stating that the process package design corresponding to the accident link does not conform to the LOPA standard. In addition, once the order of adjacent protective layers is wrong, the inherent failure probability of the protective layers changes.
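The calculation chain described above (layer PFD from captured hazard data, the first formula, the risk-matrix lookup, the node level as the highest link level, the alarm conditions and the activation-order check), as an added Python example that is not code from the patent. The likelihood bands, the 1 to 5 severity scale, the score thresholds, the level names, the rule that observed data can only worsen a design PFD, and the sample link are assumptions made for illustration.

```python
from dataclasses import dataclass
from math import prod

# Assumptions (not defined on the page): level names, likelihood bands,
# a 1-5 severity scale and the score thresholds of the risk matrix.
LEVELS = ["low", "medium", "high", "major"]
LIKELIHOOD_BANDS = [(1e-5, 1), (1e-4, 2), (1e-3, 3), (1e-2, 4)]  # else level 5
SCORE_THRESHOLDS = [(4, "low"), (9, "medium"), (15, "high")]     # else "major"


@dataclass
class Layer:
    name: str
    design_pfd: float      # PFD credited to the layer in the LOPA study
    checks: int = 0        # number of captured hazard-data samples
    violations: int = 0    # samples in which the layer was operated against the rules
    failed: bool = False   # e.g. alarm shielded or transmitter faulty

    def pfd(self) -> float:
        if self.failed:
            return 1.0     # a failed layer provides no risk reduction
        observed = self.violations / self.checks if self.checks else 0.0
        # Assumption: observed data can only worsen the design PFD.
        return max(self.design_pfd, observed)


@dataclass
class Link:
    name: str
    initial_event_p: float  # P_i1, likelihood of the initial event
    severity: int           # severity of the consequence, 1 (minor) to 5 (worst)
    layers: list            # protective layers in left-to-right bow tie order

    def likelihood(self) -> float:
        # First formula: PFD_i = P_i1 * PFD_i1 * PFD_i2 * ... * PFD_im
        return self.initial_event_p * prod(l.pfd() for l in self.layers)

    def risk_level(self) -> str:
        return query_risk_matrix(self.likelihood(), self.severity)


def likelihood_level(p: float) -> int:
    for upper, level in LIKELIHOOD_BANDS:
        if p <= upper:
            return level
    return 5


def query_risk_matrix(p: float, severity: int) -> str:
    score = likelihood_level(p) * severity
    for upper, name in SCORE_THRESHOLDS:
        if score <= upper:
            return name
    return "major"


def node_risk_level(links) -> str:
    # The node takes the highest risk level among its accident links.
    return max((l.risk_level() for l in links), key=LEVELS.index)


def alarms(links, preset="medium"):
    """Return the preset alarm conditions that currently hold."""
    out = []
    limit = LEVELS.index(preset)
    for link in links:
        for layer in link.layers:
            if layer.failed:
                out.append(f"layer failed: {link.name}/{layer.name}")
        if LEVELS.index(link.risk_level()) > limit:
            out.append(f"link above {preset}: {link.name}")
    if LEVELS.index(node_risk_level(links)) > limit:
        out.append(f"node above {preset}")
    return out


def activation_order_ok(link, activated) -> bool:
    """True if the layers took effect in the left-to-right design order."""
    design = [l.name for l in link.layers]
    positions = [design.index(name) for name in activated]
    return positions == sorted(positions)


def build_sample_link() -> Link:
    # Constructed sample data, not taken from the patent.
    return Link("tank overfill", initial_event_p=0.5, severity=4, layers=[
        Layer("process control", 0.1),
        Layer("high-level alarm", 0.1),
        Layer("safety interlock", 0.01),
    ])


if __name__ == "__main__":
    link = build_sample_link()
    print(link.likelihood(), link.risk_level())       # all layers healthy
    link.layers[1].failed = True                      # alarm shielded by operator
    link.layers[2].checks, link.layers[2].violations = 10, 1
    print(link.likelihood(), link.risk_level(), alarms([link]))
```

With the sample values, shielding the alarm alone moves the link up one band, and one rule violation in ten captures on the interlock moves it up another, even though no single layer was designed to carry that much of the risk reduction.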
According to the high-risk scene management system provided by the embodiment of the application, on the one hand, after a preset potential safety hazard event occurs at a protective layer in a high-risk scene of a target enterprise, the potential safety hazard data of the protective layer can be captured automatically and promptly from the automatic operation system of the target enterprise, and the captured data is analyzed automatically in real time based on the relevant risk analysis means to determine the state of the protective layer in the high-risk scene. High-risk scene management is thereby combined with the real-time operating data of the target enterprise, so that the state of the protective layer is monitored digitally and audited automatically without relying on manual inspection, which can greatly improve the efficiency of monitoring the protective layer state. On the other hand, the risk existing in the high-risk scene can be determined automatically based on the state of the protective layer in the high-risk scene, and early warning can be given of that risk. This realizes online monitoring and dynamic early warning of the safety risk existing in the high-risk scene, so that a risk manager can learn of the risk in time or in advance and can conveniently take relevant management and control measures, which improves the risk management and control effect for the high-risk scene.
Optionally, as shown in fig. 13, a high risk scene management device 1200 provided in an embodiment of the present application may further include: a visual high risk scenario management interface 1205 for providing preset risk management functions for the target enterprise to management personnel of the target enterprise.
Wherein the preset risk management functions include, but are not limited to, at least one of:
1) A risk dynamic information display function;
wherein the risk dynamic information may include, but is not limited to, at least one of:
high risk nodes in the target enterprise;
risk nodes of different risk grades in the target enterprise are distributed;
different levels of risk trends in the target enterprise, the levels including at least one of enterprise level, department level, and risk node level.
It can be understood that if the risk dynamic information of the target enterprise is displayed on the display interface, a manager can intuitively grasp the major safety risk condition in the target enterprise, so that the aim of controlling any major safety risk is achieved, and the safe production and the protection of the target enterprise are ensured.
2) A risk statistics function;
as one example, the risk statistics function may include, but is not limited to, at least one of:
displaying a risk statistical result;
generating a risk statistics report;
and downloading a risk statistics report.
The dimension of the risk statistics may include, but is not limited to, at least one of:
related events of high risk nodes;
historical risk trends for the risk nodes;
historical events of the risk node;
a protective layer state change event.
3) A risk node management function;
as one example, the risk node management functions may include, but are not limited to, at least one of:
a risk node list display function;
a related information configuration function of the risk node;
a post configuration function for the operation and maintenance personnel corresponding to the risk nodes.
4) An information display function of the target enterprise.
It can be understood that the visual high-risk scene management interface can provide a manager of the target enterprise with a risk dynamic information display function, a risk statistics function, a risk node management function, an information display function of the target enterprise and the like. This gives the manager a very convenient safety management handle for managing high-risk scenes: the manager can see the risks, obtain statistics on the risks of the high-risk scenes of the target enterprise, and understand the risk situation at a glance from the visual interface, which helps the manager further improve the efficiency of safety risk management.
Optionally, as shown in fig. 14, a high risk scenario management system 1200 provided by an embodiment of the present application may further include: a response module 1206, used to display a bow tie diagram of a risk node in response to a specified operation on the risk node in the high-risk scene management interface.
Wherein the specified operation may include, but is not limited to, one or more of clicking, dragging, etc.
Optionally, at least one of the following may be displayed on the bowtie in a preset visual manner:
the current state of the protective layer;
risk level of the accident link;
risk level of risk node, etc.
Optionally, different states of the protective layer can be displayed in different visual modes, and the higher the possibility that the protective layer fails, the more striking the visual display of its state; accident links with different risk levels can be displayed in different visual modes, and the higher the risk level, the more striking the visual display of the accident link; for risk nodes with different risk levels, the top events can be displayed in different visual modes, and the higher the risk level, the more striking the visual display of the top event.
It can be understood that with this visual display, managers can discover potential safety hazards such as protective layer failure, and the corresponding levels of safety risk, at the first opportunity and check and eliminate them in time, which further improves the management and control of major safety risks.
Optionally, the high risk scene management system 1200 provided by the embodiment of the present application may further include: a risk management and control module, used to manage and control the risks existing in the high-risk scene.
For example, in the event that one or more incident links and/or risk nodes have a risk level above a preset level, relevant management measures are initiated to perform risk management on the incident links and/or risk nodes.
In particular, the risk existing in the high-risk scene can be managed at one or both of the following two layers:
A first layer: when the risk of the high-risk scene rises (for example, one or more accident links and/or risk nodes are higher than a preset level), emergency measures are started to manage the risk existing in the high-risk scene.
A second layer: the risks existing in the high-risk scene are statistically analyzed according to a preset period, and conventional measures are started to manage the risk existing in the high-risk scene based on the result of the statistical analysis. Alternatively, the high-risk scene management method provided by the embodiment of the application can be executed periodically to manage the risk existing in the high-risk scene.
It can be understood that automatically managing and controlling the risk by starting the related measures makes it possible to avoid related risk events in time, or to reduce the impact when they occur, which improves the management and control effect.
The high risk scene management system provided by the embodiment of the application is based on the high risk scene management method provided by the embodiment of the application and can achieve the same technical effects, so its description is relatively brief; for the relevant parts, refer to the method embodiment, which is not repeated here.
Fig. 15 is a schematic structural diagram of an electronic device according to an embodiment of the present application. Referring to fig. 15, at the hardware level, the electronic device includes a processor, and optionally an internal bus, a network interface, and a memory. The memory may include internal memory, such as random-access memory (RAM), and may further include non-volatile memory, such as at least one disk memory. Of course, the electronic device may also include hardware required for other services.
The processor, network interface, and memory may be interconnected by an internal bus, which may be an ISA (Industry Standard Architecture ) bus, a PCI (Peripheral Component Interconnect, peripheral component interconnect standard) bus, or EISA (Extended Industry Standard Architecture ) bus, among others. The buses may be classified as address buses, data buses, control buses, etc. For ease of illustration, only one bi-directional arrow is shown in fig. 15, but not only one bus or one type of bus.
The memory is used for storing programs. In particular, a program may include program code, and the program code includes computer operating instructions. The memory may include internal memory and non-volatile storage, and provides instructions and data to the processor.
The processor reads the corresponding computer program from the nonvolatile memory to the memory and then runs the computer program to form the information auditing device on the logic level. The processor executes the program stored in the memory and is specifically configured to execute the high risk scene management method provided by the embodiment of the application.
The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in the processor or by instructions in the form of software. The processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It may implement or perform the methods, steps, and logic diagrams disclosed in one or more embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with one or more embodiments of the application may be embodied directly as being executed by a hardware decoding processor, or executed by a combination of hardware and software modules in a decoding processor. The software modules may be located in a storage medium well known in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or registers. The storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method.
Of course, the electronic device of the present application does not exclude other implementations, such as a logic device or a combination of hardware and software; that is, the execution subject of the processing flows is not limited to individual logic units and may also be hardware or a logic device.
It should be noted that the embodiments in the present application are described in a related manner: identical and similar parts of the embodiments can be referred to one another, and each embodiment focuses on its differences from the other embodiments. In particular, since the system embodiments are substantially similar to the method embodiments, their description is relatively brief; for the relevant parts, see the description of the method embodiments.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but may also include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in the process, method, article or apparatus that comprises the element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and variations of the present application will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the application are to be included in the scope of the claims of the present application.

Claims (34)

1. A method of high risk scenario management, the method comprising:
after a preset potential safety hazard event occurs to a protective layer in a high-risk scene of a target enterprise, capturing potential safety hazard data of the protective layer from an automatic operation system of the target enterprise;
analyzing the captured potential safety hazard data of the protective layer based on a related risk analysis means to determine the state of the protective layer in the high-risk scene, wherein the related risk analysis means comprises at least one of a bow tie diagram, layer of protection analysis (LOPA) and a risk matrix;
determining the risk of the high-risk scene based on the state of the protective layer in the high-risk scene;
and carrying out early warning on risks existing in the high-risk scene.
2. The method of claim 1, wherein the automated operation system comprises at least one of:
a distributed control system DCS;
a data acquisition and monitoring control system SCADA;
a safety instrument interlock system SIS;
an alarm system;
a patrol system.
3. The method of claim 1, wherein the related risk analysis means comprises a bowtie graph, wherein the analyzing the captured safety hazard data of the protective layer based on the related risk analysis means to determine the state of the protective layer in the high risk scene comprises:
splitting risks possibly existing in the high-risk scene to obtain risk nodes existing in the high-risk scene;
constructing a bow tie diagram for the risk nodes, wherein one bow tie diagram is constructed for each risk node, the bow tie diagram comprises a top event and at least one accident link taking the top event as an accident logic center, and protective layers are respectively arranged before and after the top event in the accident link;
determining the state of the protective layer in the bow tie graph based on the captured potential safety hazard data of the protective layer, wherein the state of the protective layer comprises the effectiveness of the protective layer;
wherein the determining the risk existing in the high-risk scene based on the state of the protective layer in the high-risk scene includes:
determining a risk level of an accident link in the bowtie graph based on the state of the protective layer in the bowtie graph;
and determining the risk level of the risk node based on the risk level of the accident link in the bow tie diagram.
4. A method according to claim 3, characterized in that the effectiveness of the protective layer is characterized by a probability of failure PFD of the protective layer;
the step of determining the state of the protective layer in the bow tie graph based on the captured potential safety hazard data of the protective layer comprises the following steps:
determining the PFD of the protective layers in the bow tie graph based on the captured potential safety hazard data of the protective layers, wherein the closer the PFD of a protective layer is to 1, the higher the probability of failure of the protective layer;
the effectiveness of the protective layer in the bowtie graph is determined based on the PFD of the protective layer in the bowtie graph.
5. The method of claim 4, wherein in the bowtie graph, one accident link comprises, in order from left to right, an initial event, a protective layer, a top event, a protective layer, and a consequence;
wherein the determining the risk level of the accident link in the bowtie graph based on the state of the protective layer in the bowtie graph comprises:
for any accident link in the bow tie diagram, determining the possibility of accident of the accident link based on a first formula;
determining a risk level of the accident link based on the probability of the accident occurring in the accident link and the severity of the consequences;
wherein, the first formula is:
$$PFD_i = P_{i1} \times PFD_{i1} \times PFD_{i2} \times \cdots \times PFD_{ij} \times \cdots \times PFD_{im}$$
where $PFD_i$ denotes the likelihood of an accident on the $i$-th accident link, $P_{i1}$ denotes the likelihood of the initial event occurring in the $i$-th accident link, $PFD_{ij}$ denotes the failure probability of the $j$-th protective layer in the $i$-th accident link, $i = 1, 2, \ldots, n$, $n$ denotes the total number of accident links in a bow tie diagram, $j = 1, 2, \ldots, m$, and $m$ denotes the number of protective layers in the $i$-th accident link.
6. The method of claim 5, wherein the associated risk analysis means further comprises a risk matrix, wherein the determining the risk level for the incident link based on the likelihood of the incident link experiencing an incident and the severity of the outcome comprises:
and inquiring a risk matrix based on the possibility of the accident link and the severity of the result to determine the risk level of the accident link, wherein the risk matrix stores the corresponding relation of the possibility of the accident, the severity of the result and the risk level.
7. A method according to claim 3, wherein said determining a risk level of said risk node based on a risk level of an accident link in said bowtie graph comprises:
determining a highest risk level of an accident link in the bowtie graph;
and determining the highest risk level as the risk level of the risk node.
8. The method according to any one of claims 3-7, further comprising:
and providing a visual high-risk scene management interface, wherein the high-risk scene management interface is used for providing preset risk management functions for the target enterprise for management staff of the target enterprise.
9. The method of claim 8, wherein the preset risk management function comprises at least one of:
a risk dynamic information display function;
a risk statistics function;
a risk node management function;
and the information display function of the target enterprise.
10. The method of claim 9, wherein the preset risk management function comprises a risk dynamic information presentation function, and wherein the risk dynamic information presented by the risk dynamic information presentation function comprises at least one of:
high risk nodes in the target enterprise;
risk nodes of different risk grades in the target enterprise are distributed;
different levels of risk trends in the target enterprise, the levels including at least one of enterprise level, department level, and risk node level.
11. The method of claim 9, wherein the preset risk management function comprises a risk statistics function, and the risk statistics function comprises at least one of:
displaying a risk statistical result;
generating a risk statistics report;
downloading a risk statistics report;
wherein the dimension of the risk statistic includes at least one of:
related events of high risk nodes;
historical risk trends for the risk nodes;
historical events of the risk node;
a protective layer state change event.
12. The method as recited in claim 11, further comprising:
responsive to a specified operation for a risk node in the high risk scenario management interface, displaying a bowtie graph of the risk node, and displaying at least one of the following in a preset visual manner on the bowtie graph:
the current state of the protective layer;
risk level of the accident link;
risk level of the risk node.
13. The method of claim 12, wherein:
different visual modes are adopted for displaying different states of the protective layer, and the higher the possibility of failure of the protective layer, the more striking the visual display mode of the state of the protective layer;
for accident links with different risk levels, different visual modes are adopted for display, and the higher the risk level, the more striking the visual display mode of the accident link;
and for risk nodes with different risk levels, different visual modes are adopted to display the top events, and the higher the risk level, the more striking the visual display mode of the top event.
14. The method of claim 9, wherein the preset risk management function comprises a risk node management function, and the risk node management function comprises at least one of:
a risk node list display function;
a related information configuration function of the risk node;
and the post configuration function of operation and maintenance personnel corresponding to the risk nodes.
15. The method according to any one of claims 3-7, 9-14, wherein said pre-warning of risk present in said high risk scenario comprises:
under the condition that the preset alarm condition is met, alarming is carried out in a preset mode;
wherein the preset alarm condition includes at least one of:
at least one protective layer in the failed link fails;
the risk level of the accident link is higher than a preset level;
the risk level of the risk node is higher than a preset level.
16. The method according to any of claims 3-7, 9-14, wherein the protective layers on an accident link are arranged in sequence from left to right in the bowtie graph according to LOPA theory, and if the factor inducing the top event in the accident link occurs, the protective layers on the accident link should take effect in sequence from left to right, wherein the pre-warning of the risk of the high risk scenario comprises:
in the case that the order in which the protective layers of any accident link in the bowtie graph take effect is wrong, issuing prompt information that the process package design corresponding to the accident link is faulty, wherein the prompt information comprises that the process package design corresponding to the accident link does not conform to the LOPA standard.
17. The method according to claim 1, wherein the method further comprises:
and managing and controlling risks existing in the high-risk scene.
18. The method of claim 17, wherein the managing risk present in the high risk scenario comprises:
under the condition that the risk of the high-risk scene is increased, starting emergency measures to manage and control the risk of the high-risk scene;
and/or,
and carrying out statistical analysis on risks existing in the high-risk scene according to a preset period, and starting conventional measures to manage the risks existing in the high-risk scene based on a statistical analysis result.
19. The method of any one of claims 1-7, 9-14, 17-18, wherein the safety hazard data comprises at least one of:
personnel illegal operation records;
equipment fault records;
an incorrect logical order of protective layers.
20. A high risk scenario management system, the system comprising:
the hidden danger grabbing module is used for grabbing potential safety hazard data of a protective layer in a high-risk scene of a target enterprise from an automatic operation system of the target enterprise after a preset potential safety hazard event occurs in the protective layer;
the state determining module is used for analyzing the potential safety hazard data of the grabbed protective layer based on related risk analysis means to determine the state of the protective layer in the high-risk scene, wherein the related risk analysis means comprises at least one of a bow tie diagram, a protective layer analysis (LOPA) and a risk matrix;
the risk determination module is used for determining the risk existing in the high-risk scene based on the state of the protective layer in the high-risk scene;
and the risk early warning module is used for early warning the risk existing in the high-risk scene.
21. The system of claim 20, wherein the automated operation system comprises at least one of:
a distributed control system (DCS);
a supervisory control and data acquisition (SCADA) system;
a safety instrument interlock system (SIS);
an alarm system;
and a patrol system.
22. The system of claim 20, wherein the related risk analysis means comprises a bowtie graph, wherein the state determination module comprises:
the risk splitting module is used for splitting risks possibly existing in the high-risk scene to obtain risk nodes existing in the high-risk scene;
the bow tie diagram construction submodule is used for constructing a bow tie diagram aiming at the risk nodes, wherein one risk node correspondingly constructs a bow tie diagram, the bow tie diagram comprises a top event and at least one accident link taking the top event as an accident logic center, and protective layers are respectively arranged in front of and behind the top event in the accident link;
the protective layer state determining submodule is used for determining the state of the protective layer in the bow tie graph based on the captured potential safety hazard data of the protective layer, wherein the state of the protective layer comprises the effectiveness of the protective layer;
wherein the risk determination module comprises:
a first risk determination submodule, configured to determine a risk level of an accident link in the bowtie graph based on a state of a protective layer in the bowtie graph;
and the second risk determination submodule is used for determining the risk level of the risk node based on the risk level of the accident link in the bow tie diagram.
23. The system of claim 22, wherein the effectiveness of the protective layer is characterized by a probability of failure (PFD) of the protective layer;
wherein the protective layer state determination submodule is specifically used for:
determining the PFD of the protective layers in the bowtie graph based on the captured potential safety hazard data of the protective layers, wherein the closer the PFD of a protective layer is to 1, the higher the probability that the protective layer fails;
determining the effectiveness of the protective layer in the bowtie graph based on the PFD of the protective layer in the bowtie graph.
24. The system of claim 22, wherein in the bowtie graph, one accident link comprises, in order from left to right, an initial event, a protective layer, a top event, a protective layer, and a consequence;
wherein the first risk determination sub-module comprises:
a possibility determining unit, configured to determine, for any one of the accident links in the bowtie graph, a possibility of occurrence of an accident for the accident link based on a first formula;
a first risk determining unit, configured to determine a risk level of the accident link based on a probability of the accident occurring in the accident link and a severity of a result;
wherein, the first formula is:
$$PFD_i = P_{i1} \times PFD_{i1} \times PFD_{i2} \times \dots \times PFD_{ij} \times \dots \times PFD_{im}$$
wherein $PFD_i$ denotes the possibility of an accident occurring in the i-th accident link, $P_{i1}$ denotes the likelihood of the initial event occurring in the i-th accident link, $PFD_{ij}$ denotes the failure probability of the j-th protective layer in the i-th accident link, i = 1, 2, …, n, j = 1, 2, …, m, n denotes the total number of accident links in a bow tie diagram, and m denotes the number of protective layers in the i-th accident link.
25. The system according to claim 24, wherein the related risk analysis means further comprises a risk matrix, wherein the first risk determination unit is specifically configured to:
querying a risk matrix based on the possibility of an accident occurring in the accident link and the severity of the result to determine the risk level of the accident link, wherein the risk matrix stores the correspondence between the possibility of the accident, the severity of the result and the risk level.
26. The system according to claim 22, wherein the second risk determination submodule is specifically configured to:
determining a highest risk level of an accident link in the bowtie graph;
and determining the highest risk level as the risk level of the risk node.
27. The system of any one of claims 22-26, wherein the system further comprises: a visual high risk scene management interface;
the high-risk scene management interface is used to provide management staff of the target enterprise with preset risk management functions for the target enterprise.
28. The system of claim 27, wherein the preset risk management function comprises at least one of:
a risk dynamic information display function;
a risk statistics function;
a risk node management function;
and the information display function of the target enterprise.
29. The system of claim 27, further comprising:
the response module is used for responding to the specified operation of the risk node in the high-risk scene management interface, displaying a bow tie diagram of the risk node, and displaying at least one of the following on the bow tie diagram in a preset visual mode:
the current state of the protective layer;
risk level of the accident link;
risk level of the risk node.
30. The system of any one of claims 22-26, 28-29, wherein the risk early warning module is configured to:
under the condition that the preset alarm condition is met, alarming is carried out in a preset mode;
wherein the preset alarm condition includes at least one of:
at least one protective layer in the failed link fails;
the risk level of the accident link is higher than a preset level;
the risk level of the risk node is higher than a preset level.
31. The system of any one of claims 22-26, 28-29, wherein the protective layers on an accident link are arranged in the bowtie graph in order from left to right according to LOPA theory, and if the factor inducing the top event in the accident link occurs, the protective layers on the accident link should take effect in order from left to right, and the risk early warning module is configured to:
in the case that the order in which the protective layers of any accident link in the bowtie graph take effect is wrong, issue prompt information that the process package design corresponding to the accident link is faulty, wherein the prompt information comprises that the process package design corresponding to the accident link does not conform to the LOPA standard.
32. The system of claim 20, further comprising:
and the risk management and control module is used for managing and controlling the risks existing in the high-risk scene.
33. The system of claim 32, wherein the risk management module is configured to:
under the condition that the risk of the high-risk scene is increased, starting emergency measures to manage and control the risk of the high-risk scene;
and/or,
and carrying out statistical analysis on risks existing in the high-risk scene according to a preset period, and starting conventional measures to manage the risks existing in the high-risk scene based on a statistical analysis result.
34. The system of any one of claims 22-26, 28-29, 32-33, wherein the safety hazard data comprises at least one of:
personnel illegal operation records;
equipment fault records;
an incorrect logical order of protective layers.
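The scoring chain described in claims 24-26 and the alarm conditions of claim 30, as an added example that is not part of the patent text. The likelihood bands, the matrix values, the rule that a PFD of 1 means a failed layer, and the sample links are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from math import prod

# Assumed bands and matrix: the claims only say that a risk matrix maps
# (accident likelihood, consequence severity) to a risk level.
LIKELIHOOD_BANDS = [(1e-6, 0), (1e-4, 1), (1e-2, 2), (float("inf"), 3)]
RISK_MATRIX = [  # row = likelihood band, column = severity 0..2, value = level 1..4
    [1, 1, 2],
    [1, 2, 2],
    [2, 3, 3],
    [3, 4, 4],
]
FAILED_PFD = 1.0  # assumption: a layer whose PFD has reached 1 counts as failed


@dataclass
class AccidentLink:
    name: str
    p_initial: float   # P_i1, likelihood of the initial event
    layer_pfds: list   # PFD_i1 .. PFD_im, left to right in the bowtie graph
    severity: int      # column index into RISK_MATRIX

    def likelihood(self) -> float:
        """First formula: PFD_i = P_i1 * PFD_i1 * ... * PFD_im."""
        return self.p_initial * prod(self.layer_pfds)

    def risk_level(self) -> int:
        """Query the risk matrix with the link likelihood and severity."""
        p = self.likelihood()
        row = next(r for bound, r in LIKELIHOOD_BANDS if p <= bound)
        return RISK_MATRIX[row][self.severity]


def node_risk_level(links) -> int:
    """The node takes the highest risk level among its accident links."""
    return max(link.risk_level() for link in links)


def alarms(links, preset_level: int) -> list:
    """Evaluate the three preset alarm conditions for one risk node."""
    raised = []
    for link in links:
        if any(pfd >= FAILED_PFD for pfd in link.layer_pfds):
            raised.append((link.name, "protective layer failed"))
        if link.risk_level() > preset_level:
            raised.append((link.name, "accident link above preset level"))
    if node_risk_level(links) > preset_level:
        raised.append(("node", "risk node above preset level"))
    return raised


# Constructed sample node: two accident links, before and after one layer fails.
HEALTHY = [AccidentLink("overfill", 0.1, [0.1, 0.01, 0.1], 2),
           AccidentLink("leak", 0.01, [0.1, 0.05], 1)]
DEGRADED = [AccidentLink("overfill", 0.1, [0.1, 1.0, 0.1], 2), HEALTHY[1]]
```

Because the formula is a plain product, one layer going from a PFD of 0.01 to 1 raises the link likelihood by two orders of magnitude, which is what moves the sample node from level 2 to level 3.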
CN202310678118.9A 2023-06-08 2023-06-08 High-risk scene management method and system Pending CN116720735A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310678118.9A CN116720735A (en) 2023-06-08 2023-06-08 High-risk scene management method and system

Publications (1)

Publication Number Publication Date
CN116720735A (en) 2023-09-08

Family

ID=87867294

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
Address after: No. 355, Longjin Road, Lucheng street, Changzhou Economic Development Zone, Jiangsu Province
Applicant after: Changzhou Xiao'an Shuzhi Technology Co.,Ltd.
Address before: 100029 2122, Floor 2, Building 2, No. 2, North Daludian Street, Chaoyang District, Beijing
Applicant before: Beijing Xiaoan Shuzhi Technology Co.,Ltd.
CB03 Change of inventor or designer information
Inventor after: Wei Xiufeng; Yang Jia; Wang Lin
Inventor before: Wei Xiufeng; Yang Jia; Wang Lin; Wu Guoping