EP4038557A1 - Method and system for continuous estimation and representation of risk - Google Patents

Method and system for continuous estimation and representation of risk

Info

Publication number
EP4038557A1
EP4038557A1 EP20780244.8A EP20780244A EP4038557A1 EP 4038557 A1 EP4038557 A1 EP 4038557A1 EP 20780244 A EP20780244 A EP 20780244A EP 4038557 A1 EP4038557 A1 EP 4038557A1
Authority
EP
European Patent Office
Prior art keywords
risk
value
indicative
server
representation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP20780244.8A
Other languages
German (de)
English (en)
Inventor
Guglielmo CARRUBBA
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SAPIO PRODUZIONE IDROGENO OSSIGENO Srl
Original Assignee
SAPIO PRODUZIONE IDROGENO OSSIGENO Srl
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SAPIO PRODUZIONE IDROGENO OSSIGENO Srl

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/80 Management or planning

Definitions

  • the present invention relates to a method and system for continuous estimation and representation of risk, more particularly to a method and system for determining a risk indicator, in an industrial environment or another environment where risks are involved in performing the activity, and the dynamic development thereof in real time.
  • the higher thresholds e.g. FSHH, TSHH, FYHH, LSLL, PSLL, etc.
  • the lower thresholds e.g. FSH, TSH, LSL, etc.
  • the innovation involves inserting a safety control by using simple or complex analogue variables (PressureSIC, TemperatureSIC, CalculationsSIC). This changes the method and the approach to safety, which starts to be managed as soon as there is a deviation from normal operating conditions; this makes human activity safer, since it eliminates the state of anxiety that occurs upon verifying a real and objective state of alarm or shutdown.
  • the object of the present invention is to provide a technology which overcomes, at least in part, the drawbacks of the currently available systems.
  • a server the value of the at least one measured operational parameter, each of the at least one operational parameter having a direct or indirect relationship with at least another one of the operational parameters
  • the method comprising the steps of: maintaining in a database accessible by the server a list of operational parameters, each of the operational parameters being associated with: one of the plurality of sensors; a threshold value indicative of an acceptable risk value (AR) and a value (PW) indicative of the weight of the associated operational parameter and of the relationship of the operational parameter with the other operational parameters with a direct or indirect relationship; processing by way of the server the values of the parameters received from the plurality of sensors and determining for each parameter an estimate of a value (RR) indicative of the residual risk, the value RR for each parameter being a function of the difference between the value measured and the acceptable risk value, weighted with the associated value PW; determining by way of the server a value GRR indicative of the global residual risk associated with the operating environment, the determination of the value G
  • the probabilistic function comprises a function based on neural networks.
  • the probabilistic function may further be based on an acyclic graph, such as a function based on Bayesian networks.
  • the aforementioned corrective action may comprise the emission of an acoustic and/or visual signal.
  • the present invention also provides a computer program, a software application or a program product which implements the aforementioned method when executed on a computer, a telephone or some device provided with data processing capabilities.
  • a distributed system which implements the aforementioned method is further provided.
  • a method for the quantification and representation of a value indicative of a risk in an industrial site comprising N operating environments, the method comprising the steps of: for each of the N operating environments, calculating a value GRRi (where 0 < i ≤ N) according to the above method; determining the value of GRRmax being the maximum value of all GRRi values; assigning the value GRRmax to the value indicative of the total risk of the industrial site; representing and communicating by way of the server the determined value GRRmax; in response to the determined value GRRmax exceeding a predetermined threshold, performing a predetermined corrective action procedure.
  • the present invention also provides a computer program, a software application or a program product which implements the aforementioned method for the quantification and representation of a value indicative of a risk in an industrial site, when executed on a computer, a telephone or some device provided with data processing capabilities.
  • a distributed system which implements such method is also provided.
  • the global residual risk indicator is the resultant of all the individual residual risks, both sensor-equipped and otherwise, appropriately weighted.
  • Fig. 1 shows the general architecture of a system according to a preferred embodiment of the present invention
  • Fig. 2 schematically shows a generic computer used in the system according to a preferred embodiment of the present invention
  • Fig. 3 schematically shows a method of calculating the global residual risk indicator
  • Fig. 4 shows the residual risk control as a control loop
  • Fig. 5 shows a scheme with the extraction of the monitorable risk events from the relevant risk documents
  • Fig. 6 shows an example of extracting the analogue and Boolean variables linked to the monitorable risk events
  • Fig. 7 shows a regression line used in an example embodiment of the method according to the present invention
  • Fig. 8 shows an example of a deviation from acceptable risk
  • Fig. 9 shows an example of a Boolean variable used in an example embodiment of the method according to the present invention.
  • Fig. 10 is a graphical representation of an application of the method according to an embodiment of the present invention.
  • Fig. 11 schematically shows the steps of a method according to a preferred embodiment of the present invention.
  • risk meaning the probability that a certain event capable of causing harm to persons occurs.
  • the notion of risk implies the existence of a source of danger and of possibilities for this source to translate into harm. There are no limits on the representation of risk, so long as this risk is already known and can be represented in some way.
  • the goal of keeping the variable of safety under control is achieved by risk analysis, by means of which the residual risk for each accident event is estimated.
  • the residual risk is actually defined as the risk predicted to remain once the required countermeasures have been taken.
  • accident events which are considered “acceptable” have a residual risk below the admitted threshold.
  • the residual risk is continuously subject to a reduction process both by way of continuous monitoring of the process variables and by way of an activity of searching for technologies which make it possible to increase the available information. The idea is therefore to start from the ACCEPTABLE risk and monitor it in real time to avoid it increasing or, even worse, going out of control until, without our knowledge, it becomes UNACCEPTABLE.
  • the system comprises a distributed field infrastructure for gathering information and a central infrastructure for processing and assessing risk.
  • the field infrastructure is managed by a server 101 which controls and is connected to a plurality of detectors 103 set up to measure the various activities: these detectors 103 include, for example, sensors and apparatuses (industrial hardware, field buses) for capturing and monitoring production plants, dedicated control systems present in the individual machines and plants (for example CNC, PLC, DCS, SCADA, etc.)
  • the collected data are supplied to the server 101 via appropriate communication systems, which may comprise, purely by way of example, local networks, LAN, WAN, Internet, fixed or mobile telephone networks.
  • the server 101 after a first validation process (for example for identifying temporary or continuous malfunctions of the sensors, including using random techniques), processes the captured measurements and stores and archives them in appropriate databases (105).
  • the databases 105 may comprise for example data structures which can manage even massive architectures and thus process in accordance with configurable parameters, which can be defined on the basis of the end goals.
  • a dedicated function makes it possible, using captured measurements which have been verified and validated, to determine new “virtual sensor” or “soft sensing” measurements which make it possible to complete the framework of information relating to the production process in question and to increase the reliability of the “risk indicator” datum.
  • the central infrastructure comprises, within or under the control of the server 101 (as shown in the drawings), a module for processing and assessing risk 107 and a module for signalling and communicating the risk factor 109.
  • instruments are integrated for analysing and processing the data gathered from the capture system described above, which are integrated together with information from other computing instruments and apparatuses (for example management instruments for asset management, for planning and allocating resources, for managing internal/external logistics, etc.).
  • the output produced by the system for capturing the field data is used by higher-level, advanced instruments and algorithms for a. identifying alarms; b. supporting operators in first-response assessment for effective and efficient management of anomalies; c. supporting operators in performing more complex analyses for identifying the most probable causes of the encountered anomaly.
  • the processing performed by the module for processing and assessing risk 107 supplies the results to the module for signalling and communicating the risk factor 109, which proceeds to communicate them in the appropriate manner to the instruments and persons which need to receive the risk signalling, within and/or beyond the monitored site and the industry which owns the structures for which the residual risk is to be estimated.
  • Fig. 2 shows a generic computer used in the system according to the preferred embodiment of the present invention.
  • This generic description includes any device provided with processing capabilities, albeit with various levels of sophistication and functionality (e.g. computers, mobile terminals, servers, network routers, proxy servers).
  • the computer 250 is composed of various units which are connected in parallel with a system bus 253.
  • one or more microprocessors 256 control the operations of the computer; a RAM 259 is used directly as a working memory of the microprocessors 256, while a ROM 262 contains the basic code for the activities for initially loading up the system (bootstrap).
  • Various peripheral units are connected to a local bus 265 by means of appropriate interfaces.
  • these peripheral units may comprise mass storage in the form of a hard disk 271 and a reader for CD ROMs and/or optical disks (e.g. DVDs or Blu-rays) 274, or else any other peripheral or storage device external to the computer.
  • the computer 250 may comprise input devices 277 (e.g. keyboard, mouse,
  • a network card (Network Interface Card) 283 is used for connecting the computer 250 to a network.
  • a bridge unit 286 forms the interface between the system bus 253 and the local bus 265. Each microprocessor 256 and the bridge unit 256 may operate as a “master agent” and request exclusive access to the system bus 253 for transmitting information.
  • An arbiter 289 manages requests for access to the system bus 253, preventing conflicts between the requesters. Similar considerations apply to systems which are slightly different or based on different network configurations. Other components beyond those described may be present in specific cases and for particular implementations (e.g.
  • One important element of the method and system according to a preferred embodiment of the present invention is an algorithm which makes it possible to monitor the residual risk continuously with a reliability level no lower than the reliability level of the activity which causes the risks (e.g. SMR hydrogen production plant, reliability level 98%).
  • Residual risk monitoring is performed by monitoring the plurality of variables in normal conditions (i.e. acceptable conditions) and through a precise estimate of the value of such variable and its trend in the future; this estimate is obtained by applying a mathematical model and Artificial Intelligence (AI) tools.
  • Continuous monitoring is possible, but takes place by reducing unmeasurable risks, and so this activity presupposes the adoption of sensors or in any case of electrical instrument devices which make it possible to detect the value directly or indirectly linked to the risk. With this basic presupposition, virtually all risks can be introduced into the control logic, and the inclusion thereof in the model depends solely on the possibility of measuring them.
  • Residual risk means the risk remaining after the corrective actions, and represents the parameter which indicates the parameter indicated as ACCEPTABLE by the probability P that the potential level of harm G is reached under the conditions of use and/or of exposure to a particular factor.
  • the risk is a function of the probability that harm is established and of the seriousness or scale of the possible harm.
  • the acceptable risk level is determined from: legal requirements; technical standards; prior art in the field / state of the art; established practices in the field / activity under analysis; company policy.
  • the RESIDUAL RISK indicator is an analogue variable and, like all variables, may have one or more SETPOINTS, each of which may activate actions suitable for reporting the residual risk at the nominal values (acceptability of the risk) or activate emergency actions such as shutdown of the process and/or preventative evacuation of persons.
  • Fig. 4 shows a flow chart of the activity for residual risk control, using a conventional control loop, as described for example in GISI “Measurement and control instrumentation in industrial applications” A. Brunelli volume ill-1 control of instruments and systems.
  • Each activity presents risks both for the person and for the surrounding environment; therefore, all risks can be grouped within the following contexts: a) Production: phase in which the PROCESS is active and requires continuous control/monitoring by the control system and the persons. In this case, the risks are those directly linked to performing the process. b) Maintenance: phase in which activities are performed by persons and equipment which allow the PROCESS to maintain performance in terms both of yield and of safety in accordance with the pre-set targets. In this case, the risks are those directly linked to the maintenance activity. c) Workplace organisation: together with human resources directly involved in various roles in the phases set out in points “a” and “b” above. In this case, the risks are exclusively linked to human behaviour, or to the erroneous operations carried out by staff both in performing the process and in the maintenance activity.
  • the measurement of the risks can be represented in various ways, for example using a Boolean variable or a real variable. In the former case, the change in state determines the passage from the normal state to the risk state; in the latter case, the risk state is brought about by the deviation in the real variable with respect to the reference function thereof. Said reference function is the behaviour of the variable over time within the admissible range thereof.
  • Non-sensor-equipped barriers the reliability of which depends on factors which can be tracked (for example the timing of the maintenance activities) or which can be estimated qualitatively by plant experts (for example the result of the maintenance inspections);
  • Behavioural barriers the introduction of which into the model can lead to consideration of human reliability, the influence of which on the global plant risk is fundamental and should be taken into consideration.
  • the behavioural barriers are those of added individual value, since they belong to the individual; therefore, the thought of inserting sensors anywhere to remove the individual’s barriers would be a major error.
  • the various steps to be carried out for monitoring the residual risk of a productive process first involve a series of preliminary activities for the correct configuration of the calculation instruments and subsequently the activity of calculation in real time which makes it possible to update the risk indicator continuously.
  • the steps described herein represent an example embodiment, but may be subject to adjustments and alterations depending on preferences and other conditions, as will be appreciated by technical experts in the field. Further, depending on specific requirements and alterations to the legal requirements, other steps may be added.
  • the preliminary activities include for example:
  • HAZOP: HAZard and OPerability analysis
  • risk analysis
  • safety report environmental analysis
  • monitoring system Integrated Environmental Authorisation system monitoring
  • safety and environment management system Integrated Environmental Authorisation system monitoring
  • accident prevention plan Risk Assessment
  • Fig. 5 schematically shows the step of extracting the monitorable risk events from the risk-related documents, according to a preferred embodiment of the method and system according to the present invention.
  • analogue and Boolean variables which have a direct or indirect relationship with the monitorable risk events are taken into consideration (an indirect relationship referring to those variables which are linked to those in a direct relationship).
  • Fig. 6 schematically shows the step of extracting the analogue and Boolean variables linked to the monitorable risk events, according to a preferred embodiment of the method and system according to the present invention.
  • the goal of this activity is to gain awareness of the reliability level of the process in terms both of the measurement instruments and of the automation. Both contexts can actually be affected by false positives: for the sensors, these are linked to incorrect measurement of the analogue variables; for automation, meanwhile, they are linked to the signalling of alarms in the absence of real anomalous conditions (there are also false negatives or absences of alarm signalling in the presence of real anomalous conditions).
  • the sensors should be provided with malfunction signalling, and if the variable to be monitored is a critical variable for RISK purposes it is preferable to apply voting logic.
  • This technique is known to experts in the field, and involves installing more sensors (2 or 3) for the same variable. In this way, on the one hand false positives are avoided, and on the other hand measurement accuracy is increased. Where possible, it is safe to recommend capturing the diagnostic information supplied by the sensor itself (for example using a
  • IP In the presence of a false alarm, IP will signal the anomaly without incrementing the risk value of the event with which the false alarm is associated.
  • In the presence of false negatives (absence of alarm signalling in the presence of real anomalous conditions), the intelligent monitoring system will signal the alarm while causing automatic incrementation of the risk value of the event with which the alarm which it had to trigger was associated. In both cases, the intelligent monitoring system will provide generation of a query resulting from the false alarm (whether positive or negative). The intelligent monitoring system thus becomes the controller of the accuracy of the measurements and signalling of the control system.
  • STEP 4: Identification of the risks arising from maintenance activity
  • This system can actually transmit all the information inherent to the intrinsic features of the assets (age, useful lifetime, technology, level of use, etc.) and to the maintenance activity (schedule, timing, maintenance report account, etc.), in addition to all the essential authorisation steps for the maintenance activity, such as the work permit
  • This information does not come from sensors, but is updated periodically by the appropriate staff at maintenance interventions.
  • said information can automatically activate alarms at the RISK system at the moment when they are no longer compliant. These alarms are usually Boolean variables, and there is therefore a need to associate them correctly with the risk events identified in step
  • STEP 5: Identification of the risks arising from human behaviour
  • This preliminary step relates to the individual and his behaviour.
  • the risks from human error are still numerous, and relate to all levels of the organisation, from the operator to the top manager. Clear, honest assessment of the organisation using standardised techniques and methodologies is therefore advisable.
  • using the instrumentation which is gradually coming onto the market it is possible to start providing more and more effective and helpful support for the individual. In time, this combination of factors will also improve the cultural process as regards safety and the environment.
  • the events linked to human behaviour are Boolean variables, since they attest to an intervention being performed, and there is therefore a need to associate them correctly with the risk events identified in step 1.
  • the real-time calculation activities performed within the intelligent monitoring system make it possible to update the risk indicator at any moment in time.
  • a probabilistic model which represents a set of stochastic variables along with the dependencies thereof using a directed acyclic graph.
  • Experts in the field will appreciate that other models may be used, so long as they correctly represent the link between the variables.
  • the acyclic graph makes it possible (for example using Bayesian networks or other networks) to generate consequential events between directly linked variables, thus avoiding the possibility of cyclical events which would poorly represent the development of the risk event.
  • the entry nodes to the advanced probabilistic model identify the base events, and require calculation of the probability at each moment in time. This probability depends directly on the state of the variable associated with the node in question. In the model described herein, two possible states/conditions are distinguished:
  • Risk condition: the risk tends to increase as a result of the presence of an anomaly
  • the process of reconstructing said variable takes place using suitable, properly trained machine learning algorithms (for the training phase of the models, it is necessary to identify time windows in the historical data relating to normal operativity).
  • the residues (e1, e2, e3, e4, e5) are represented by the differences between the points P and the points Q, as is shown in Fig. 7.
  • the value of the residue is to discriminate between the two normal and risk conditions:
  • the probabilities of all the input nodes to the advanced model take the nominal values which are drawn from literature or estimated using particular algorithms.
  • MAVT: multi-attribute variable theory
  • CREAM: cognitive reliability and error analysis method, used for correcting the probability of failure of a human behaviour on the basis of information indicated in preliminary step 5.
  • the probability of the input nodes to the advanced probabilistic model is recalculated on the basis of the nature of the variable in question:
  • the residue is directly used for calculating the deviation in the analogue variable (variable
  • Fig. 8 shows a graphical representation of the deviation of a process variable from nominal operating conditions.
  • a predefined threshold pre-alarm threshold, alarm threshold or other threshold
  • the probability can take only two values (as is shown in Fig. 9):
  • the increase in the probability to the unit value immediately causes a step increase in the risk indicator, naturally depending on the importance of the node associated with the
  • Boolean variables are of various natures, for example:
  • Fig. 10 shows a possible embodiment of the above-described methodology, demonstrating the combination of some parameters combined using Boolean operators to obtain a final global residual risk value.
  • Fig. 11 shows the steps of a method for the quantification and representation of a value indicative of the risk in an operating environment according to a preferred embodiment of the present invention.
  • the method is implemented using a distributed system comprising a plurality of detectors 103, each set up to measure at least one operational parameter and transmit at predetermined time intervals to a server 101 the value of the measured operational parameter.
  • the method provides maintaining in a database 105 accessible by the server 101 a list of operational parameters, each of the operational parameters being associated with one of the plurality of sensors and with a threshold value indicative of an acceptable risk value (AR) and with a constant indicative of the weight of the associated parameter (PW).
  • AR: acceptable risk value
  • PW: constant indicative of the weight of the associated parameter
  • the sensors continuously detect the values of the associated parameters (step 1103) and transmit them at regular (or very similar) time intervals to the server (step 1105).
  • the details of how this detection and this transmission take place and the transmission times and frequencies of the data between the sensors and the server may change depending on specific requirements; the trigger for detection and/or transmission could be, in specific circumstances, event-driven instead of time-driven.
  • the server 101 processes the values of the parameters received from the plurality of sensors 103 and determines for each parameter an estimate of a value (RR) indicative of the residual risk, the value RR for each parameter being a function of the difference between the value measured and the acceptable risk value, weighted with the associated constant PW; the server 101 thus determines (step 1109) a value GRR indicative of the global residual risk associated with the operating environment, the determination of the value GRR being calculated by means of a probabilistic function of the plurality of estimated values RR.
  • the server, by means of the module 109 for signalling and communicating the risk factor, provides that the determined value GRR is represented and communicated (step 1113).
  • the representation and communication of the value GRR may take on a wide range of forms and manners: purely by way of example, it may provide a graphical representation, potentially with the aid of conventional green, amber and red colours for risk classification (low, medium, high); it may be accompanied by acoustic and/or visual signals if one or more predetermined values are reached; it may be communicated using communications networks (e.g. telephone, Internet, fixed or mobile company network).
  • a predetermined threshold value is reached or exceeded (verified in step 1111)
  • a predetermined corrective action procedure can be activated and performed (step 1115).
  • the time, manner and performance times of said corrective action may depend on the circumstances of the operating environment and on the existing rules and policies.
  • the representation step 1113 is performed as an alternative to the step of performing the corrective procedure, but a different order may perfectly well be provided (e.g. first the representation step 1113, then the verification 1111). In each case, the control returns to step 1103 for continuous repetition of the detection 1103, transmission 1105, processing
  • the hardware structures may take on various appearances or include various modules;
  • the term “computer” includes any device (e.g. telephones, PDAs, machines and sensors of any type) provided with processing capability for executing software programs or parts thereof.
  • the programs may be structured in various ways or be implemented in any form.
  • the memories may take on multiple forms of embodiment or be replaced with equivalent entities (not necessarily consisting of physical media).
  • the programs may take on any form suitable for performing the relevant functions, and may be written in any programming languages or presented in the form of software, firmware or microcode, both in object code and in source code. Said programs may be stored on any type of medium so long as it is computer-readable; by way of example, the media may be: hard disks, removable disks (e.g. CD-ROMs, DVDs or Blu-ray discs), tapes, cartridges, wireless connections, networks, telecommunications waves; the media may for example be electronic, magnetic, optical, electromagnetic, mechanical, using infrared or semiconductors.
  • the solution according to the present solution lends itself to implementation using software, hardware (including integrated into chips or semiconductor materials) or a combination of hardware and software.
  • the principle of monitoring the residual risk is applicable in any field in which there are risks to the health and safety of persons and the environment, so long as the process that causes said risks is monitorable.
  • the risks linked to cybersecurity will gradually be taken into consideration.
  • the method described above could be applied to more complex environments, such as industrial sites, logistic centres, agricultural sites or any other working environment having a plurality of operating environments, possibly independent of and unrelated to one another.
  • Each operating environment can be monitored and the risk quantified with the method described above: the total risk indicator will be assumed to be equal to the highest of the risks calculated for the single operating environments.
  • the method would comprise the steps of: for each of the N operating environments, calculating a value GRRi (where 0 ⁇ i ⁇ N) according to the method of any preceding claims; determining the maximum value GRRmax being the maximum value of all GRRi values; assigning the value GRRmax to the value indicative of the total risk of the industrial site.
  • the total risk indicator obtained can then be represented and communicated as discussed above. Also, when the determined value GRRmax exceeds a predetermined threshold, a corrective action procedure can be invoked and executed.

Abstract

Method and system for continuous estimation and representation of risk, more particularly a method and system for determining a risk indicator in an industrial environment or another environment in which risks are involved in carrying out the activity, and their dynamic development over time. The system according to a preferred embodiment of the present invention comprises a distributed field infrastructure for collecting information and a central infrastructure for processing and evaluating risk. The system and method according to a preferred embodiment of the present invention use the information collected from a plurality of detectors configured to measure the various activities. These detectors include, for example, sensors and devices (industrial hardware, fieldbus) for capturing and monitoring production facilities and dedicated control systems present in individual machines and plants, and have the function of capturing real-time measurements of various process parameters, operating parameters and plant/machine status parameters.
EP20780244.8A 2019-10-02 2020-10-01 Method and system for continuous estimation and representation of risk Pending EP4038557A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IT201900017717 2019-10-02
PCT/EP2020/077599 WO2021064144A1 (fr) 2019-10-02 2020-10-01 Method and system for continuous estimation and representation of risk

Publications (1)

Publication Number Publication Date
EP4038557A1 true EP4038557A1 (fr) 2022-08-10

Family

ID=69469095

Family Applications (1)

Application Number Title Priority Date Filing Date
EP20780244.8A Pending EP4038557A1 (fr) 2019-10-02 2020-10-01 Method and system for continuous estimation and representation of risk

Country Status (2)

Country Link
EP (1) EP4038557A1 (fr)
WO (1) WO2021064144A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
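CN113344362B (zh) * 2021-05-31 2022-10-18 中钢集团武汉安全环保研究院有限公司 A method for measuring major safety risk indicators
CN113657814B (zh) * 2021-09-03 2022-07-19 北京航空航天大学 An aviation network risk prediction method and risk level assessment method
CN114091791B (zh) * 2022-01-21 2022-04-12 科大智能物联技术股份有限公司 A logistics performance evaluation method based on AHP with improved DEA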

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1918869A1 (fr) * 2006-11-02 2008-05-07 Abb Research Ltd. Dynamic method for safety balance
US20110252479A1 (en) * 2010-04-08 2011-10-13 Yolanta Beresnevichiene Method for analyzing risk
US10705516B2 (en) * 2014-10-10 2020-07-07 Near-Miss Management Llc Dynamic prediction of risk levels for manufacturing operations through leading risk indicators: dynamic risk fault tree method and system

Also Published As

Publication number Publication date
WO2021064144A1 (fr) 2021-04-08

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20220317

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)