PLC: Risk Analysis

Hello again everyone.

This is the fourth and final chapter in my brief series on PLC for MBE, and I am going to end by talking about risk analysis. Every commercially available hardware device, software package or consumer service in the world has been scrutinised by some kind of risk analysis. It is basically impossible NOT to do a risk analysis. Whether it is a formal FMEA (Failure Mode and Effect Analysis) or listening to that feeling in your gut that something is off, human beings ascribe inherent risk to almost everything. And with good reason: knowledge of risk can prevent disaster.

FMEA is just a tool to quantify and track risks, much like a Gantt chart is a tool to plan and track a project. FMEA has three basic parts.

Firstly, you gather ALL the risks, and I mean all. This is usually pretty fun and involves many brainstorming sessions. For a simple device like a toaster you might get 50 risks. For a complex device like an MBE system you might easily reach 1000.

In the second stage you ascribe each risk a value for level of severity (S), likelihood of occurrence (O) and difficulty of detection (D). A number from 0 to 10 is ascribed to each. The three are then multiplied together to give a risk out of 1000. A ridiculous risk might be that the system kills the operator (S=10) every second (O=10) and there is no means to detect it (D=10), giving a risk of 1000. Any risk that has a severity greater than 7 or a combined risk greater than 500 is termed a RED risk. RED risks must be mitigated. Severity (S) is not only in terms of user injury; there is also the risk to finances and timeline to consider.

The third and final stage is just that: reducing the risks by redesign or adaptation of the system. Often this involves either redesigning so the occurrence is lower or adding some feature so the detection score is lower. And of course the MBE system should not be killing anyone, ever, so the system needs redesigning to reduce the severity of any such risk to “minor injury”.
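To make the scoring and the RED rule concrete, here is a small FMEA worksheet written as an added example (it is not code from the original post, and the five risks and their S/O/D scores are constructed for illustration). It applies the rule exactly as stated above: S greater than 7 or S×O×D greater than 500 is RED. The `mitigate` helper re-scores a risk after a design change, which shows the point of the third stage: improving detection alone cannot clear a RED risk whose severity is above 7, only lowering the severity can.

```python
"""Constructed FMEA worksheet (added example, not from the original post).

Each failure mode is scored for severity (S), occurrence (O) and
detection (D) on the 0..10 scale the post uses. S*O*D gives a risk
priority number out of 1000. The RED rule is the post's: S > 7 or
S*O*D > 500. All risks and scores below are made up for illustration.
"""
from dataclasses import dataclass

RED_SEVERITY = 7   # severity strictly greater than this is RED
RED_RPN = 500      # S*O*D strictly greater than this is RED


@dataclass(frozen=True)
class Risk:
    name: str
    severity: int
    occurrence: int
    detection: int

    def __post_init__(self):
        # Reject scores outside the 0..10 scale so a typo cannot hide a risk.
        for field_name in ("severity", "occurrence", "detection"):
            value = getattr(self, field_name)
            if not 0 <= value <= 10:
                raise ValueError(f"{field_name} must be 0..10, got {value}")

    @property
    def rpn(self) -> int:
        """Risk priority number: S * O * D, out of 1000."""
        return self.severity * self.occurrence * self.detection

    @property
    def is_red(self) -> bool:
        """The post's RED rule: high severity OR high combined risk."""
        return self.severity > RED_SEVERITY or self.rpn > RED_RPN


def rank(risks):
    """Risks ordered highest RPN first; RED wins ties."""
    return sorted(risks, key=lambda r: (r.rpn, r.is_red), reverse=True)


def red_risks(risks):
    """The subset that must be mitigated before the system is run."""
    return [r for r in risks if r.is_red]


def mitigate(risk, *, severity=None, occurrence=None, detection=None):
    """Re-score a risk after a design change; the original is left untouched."""
    return Risk(
        risk.name,
        risk.severity if severity is None else severity,
        risk.occurrence if occurrence is None else occurrence,
        risk.detection if detection is None else detection,
    )


# Constructed sample worksheet; scores are illustrative only.
SAMPLE_RISKS = [
    Risk("kills operator every second (the post's absurd case)", 10, 10, 10),
    Risk("water chiller failure overheats a source flange", 6, 4, 9),
    Risk("power cut stalls pumps mid-growth", 7, 3, 2),
    Risk("thermocouple break drives heater to full power", 9, 2, 7),
    Risk("minor vacuum gauge drift", 2, 6, 3),
]


def summary(risks):
    """Counts and the worst RPN, handy for a one-line status."""
    ranked = rank(risks)
    return {
        "total": len(risks),
        "red": len(red_risks(risks)),
        "worst_rpn": ranked[0].rpn if ranked else 0,
    }


if __name__ == "__main__":
    for r in rank(SAMPLE_RISKS):
        flag = "RED" if r.is_red else "   "
        print(f"{flag} RPN={r.rpn:4d}  S={r.severity} O={r.occurrence} D={r.detection}  {r.name}")
    tc = SAMPLE_RISKS[3]
    print("better detection only ->", mitigate(tc, detection=1).is_red)
    print("lower severity too    ->", mitigate(tc, detection=1, severity=3).is_red)
```

Running it lists the worksheet with RPN and RED flags, then shows the thermocouple case: dropping detection from 7 to 1 brings its RPN down to 18 but it stays RED because S is still 9; only the redesign that lowers severity clears it.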

If your system is second-hand, DIY or cobbled together from three older systems, it probably invalidates any OEM’s (Original Equipment Manufacturer’s) FMEA. You do not need to do a formal and thorough FMEA; just set a threshold in terms of money or time that you are not willing to risk. You could say that any breakage that costs more than 1000 Euro to repair or results in more than a week of downtime is unacceptable. Then think of the things that can cause these breakages, for example water chiller failure, power cut, thermocouple sensor break or pump failure. Then have a backup in case these failures occur to prevent the breakage, for example:

(1) water chiller failure can be avoided with a secondary chiller or a mains bypass

(2) power failure can be avoided with an uninterruptible power supply (at least on critical components)

(3) thermocouple sensor break can be mitigated with detection and switching to a fixed output power

(4) pump failure can be mitigated with closing the gate valve and having a second pump take over

All these solutions require some kind of detection of the fault and then an action to avoid damage. If you are thorough you will come up with 1000 or so of these risks and will probably need to mitigate 100 of them. Luckily, a good PLC system already does this for you.
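The four mitigations above share one shape: read a sensor, decide the fault is present, take the fallback action. The sketch below is an added example of that detect-then-act logic for the four failures listed, written in Python rather than PLC ladder or structured text; it is not the post's PLC code. The flow threshold, the fixed fallback heater power, the setpoint and gain, and the assumption that an open thermocouple reads as `None` or as an implausibly high value are all made up for the example.

```python
"""Constructed detect-then-act scan for the four failures in the post
(added example, not the post's PLC code). Thresholds, setpoint, gain and
the way an open thermocouple shows up are assumptions for illustration."""
from dataclasses import dataclass
from typing import Optional

# Assumed limits for the example.
MIN_FLOW_LPM = 2.0            # coolant flow below this counts as chiller failure
TC_MAX_PLAUSIBLE_C = 1500.0   # an open thermocouple often reads off-scale high
FIXED_POWER_PCT = 20.0        # safe heater power to hold when the TC is lost
SETPOINT_C = 600.0            # cell temperature setpoint
KP = 0.1                      # proportional gain, percent output per degree


@dataclass(frozen=True)
class Snapshot:
    """One scan's worth of sensor readings (constructed for the example)."""
    chiller_flow_lpm: float
    mains_ok: bool
    thermocouple_c: Optional[float]   # None models an open circuit
    pump_ok: bool


def thermocouple_valid(reading: Optional[float]) -> bool:
    """A break shows as no reading or an off-scale value; both are faults."""
    return reading is not None and 0.0 <= reading <= TC_MAX_PLAUSIBLE_C


def heater_output(reading: Optional[float]) -> float:
    """Proportional control on a good reading; fixed safe power otherwise.

    Without this, a broken TC reads 'cold' and the loop winds the heater
    up to full power, which is the breakage the post wants to avoid.
    """
    if not thermocouple_valid(reading):
        return FIXED_POWER_PCT
    demand = KP * (SETPOINT_C - reading)
    return max(0.0, min(100.0, demand))


def scan(snap: Snapshot) -> list:
    """Evaluate every interlock once and return the fallback actions."""
    actions = []
    if snap.chiller_flow_lpm < MIN_FLOW_LPM:
        actions.append("open mains water bypass / start secondary chiller")
    if not snap.mains_ok:
        actions.append("run critical loads from the UPS")
    if not thermocouple_valid(snap.thermocouple_c):
        actions.append(f"hold heater at fixed {FIXED_POWER_PCT:.0f}% output")
    if not snap.pump_ok:
        actions.append("close gate valve; start backup pump")
    return actions


if __name__ == "__main__":
    # Constructed scans: a healthy cycle, then one with every fault at once.
    for snap in (Snapshot(5.0, True, 590.0, True),
                 Snapshot(1.0, False, None, False)):
        print(snap)
        print("  heater ->", heater_output(snap.thermocouple_c), "%")
        for action in scan(snap) or ["no action"]:
            print("  ", action)
```

The controller treats "no reading" and "off-scale reading" identically, which is the detection half of mitigation (3); switching to a fixed output is the action half. Each `scan` call returns the full list of actions rather than stopping at the first fault, since in practice several of these failures arrive together (a power cut takes out the chiller and the pumps at once).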

The bottom line is that if you have even one RED risk, the FMEA is telling you that your system is too risky to operate!

So in order to wrap up my exploration of PLC for MBE, I ask you: what is the risk of NOT having one?
