INTERNATIONAL ISO
STANDARD 20815
Second edition
2018-10
Petroleum, petrochemical and
natural gas industries — Production
assurance and reliability management
Industries du pétrole, de la pétrochimie et du gaz naturel —
Assurance de la production et management de la fiabilité
Reference number
ISO 20815:2018(E)
© ISO 2018
ISO 20815:2018(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email:
[email protected] Website: www.iso.org
Published in Switzerland
ii © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Contents Page
Foreword......................................................................................................................................................................................................................................... iv
Introduction...................................................................................................................................................................................................................................v
1 Scope.................................................................................................................................................................................................................................. 1
2 Normative references....................................................................................................................................................................................... 1
3 Terms, definitions and abbreviated terms................................................................................................................................. 2
3.1 Terms and definitions........................................................................................................................................................................ 2
3.2 Abbreviations......................................................................................................................................................................................... 15
4 Production assurance and decision support.........................................................................................................................17
4.1 Users of this document.................................................................................................................................................................. 17
4.2 Framework conditions................................................................................................................................................................... 17
4.3 Optimization process....................................................................................................................................................................... 19
4.4 Production assurance programme...................................................................................................................................... 21
4.4.1 Objectives............................................................................................................................................................................. 21
4.4.2 Project risk categorization.................................................................................................................................... 22
4.4.3 Programme activities................................................................................................................................................. 23
4.5 Alternative standards...................................................................................................................................................................... 25
5 Production assurance processes and activities.................................................................................................................26
Annex A (informative) Contents of production assurance programme (PAP)........................................................28
Annex B (informative) Core production assurance processes and activities...........................................................30
Annex C (informative) Interacting production assurance processes and activities..........................................39
Annex D (informative) Production performance analyses..........................................................................................................43
Annex E (informative) Reliability and production performance data.............................................................................50
Annex F (informative) Performance objectives and requirements....................................................................................52
Annex G (informative) Performance measures for production availability..............................................................56
Annex H (informative) Relationship to major accidents...............................................................................................................69
Annex I (informative) Outline of techniques..............................................................................................................................................71
Bibliography.............................................................................................................................................................................................................................. 96
© ISO 2018 – All rights reserved iii
ISO 20815:2018(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso
.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 67, Materials, equipment and offshore
structures for petroleum, petrochemical and natural gas industries.
This second edition cancels and replaces the first edition (ISO 20815:2008), which has been technically
revised. The main changes compared to the previous edition are as follows:
— Clause 3: several new terms, definitions and abbreviations;
— Clause 4: new 4.1 and new Figure 2;
— Annexes A, B, C and E: minor changes;
— Annex D: various new text and new figures;
— Annex F: new text in Clause F.3, new Clause F.4, and new figure;
— Annex G and H: some changes in Clauses G.2, G.3, H.1 and H.2;
— Annex I: various changes in Clauses I.7 to I.10, I.18 to I.22, and new Clauses I.23 to I.26.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
iv © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Introduction
The petroleum, petrochemical and natural gas industries involve large capital investment costs as well
as operational expenditures. The profitability of these industries is dependent upon the reliability,
availability and maintainability of the systems and components that are used. Therefore, for optimal
production availability in the oil and gas business, a standardized, integrated reliability approach is
required.
The concept of production assurance, introduced in this document, enables a common understanding
with respect to use of reliability technology in the various life cycle phases and covers the activities
implemented to achieve and maintain a performance level that is at its optimum in terms of the overall
economy and, at the same time, consistent with applicable regulatory and framework conditions.
Annexes A to I are for information only.
© ISO 2018 – All rights reserved v
INTERNATIONAL STANDARD ISO 20815:2018(E)
Petroleum, petrochemical and natural gas industries —
Production assurance and reliability management
IMPORTANT — The electronic file of this document contains colours which are considered to be
useful for the correct understanding of the document. Users should therefore consider printing
this document using a colour printer.
1 Scope
This document describes the concept of production assurance within the systems and operations
associated with exploration drilling, exploitation, processing and transport of petroleum, petrochemical
and natural gas resources. This document covers upstream (including subsea), midstream and
downstream facilities, petrochemical and associated activities. It focuses on production assurance of
oil and gas production, processing and associated activities and covers the analysis of reliability and
maintenance of the components. This includes a variety of business categories and associated systems/
equipment in the oil and gas value chain. Production assurance addresses not only hydrocarbon
production, but also associated activities such as drilling, pipeline installation and subsea intervention.
This document provides processes and activities, requirements and guidelines for systematic
management, effective planning, execution and use of production assurance and reliability technology.
This is to achieve cost-effective solutions over the life cycle of an asset development project structured
around the following main elements:
— production assurance management for optimum economy of the facility through all of its life cycle
phases, while also considering constraints arising from health, safety, environment, and quality;
— planning, execution and implementation of reliability technology;
— application of reliability and maintenance data;
— reliability-based technology development, design and operational improvement.
The IEC 60300-3 series addresses equipment reliability and maintenance performance in general.
This document designates 12 processes, of which seven are defined as core production assurance
processes and addressed in this document. The remaining five processes are denoted as interacting
processes and are outside the scope of this document. The interaction of the core production assurance
processes with these interacting processes, however, is within the scope of this document as the
information flow to and from these latter processes is required to ensure that production assurance
requirements can be fulfilled.
The only requirement mandated by this document is the establishment and execution of the production
assurance programme (PAP). It is important to reflect the PAP in the overall project management in the
project for which it applies.
This document recommends that the listed processes and activities be initiated only if they can be
considered to add value.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
© ISO 2018 – All rights reserved 1
ISO 20815:2018(E)
ISO 14224:2016, Petroleum, petrochemical and natural gas industries — Collection and exchange of
reliability and maintenance data for equipment
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
3.1.1
active repair time
effective time to achieve repair of an item
Note 1 to entry: The expectation of the effective time to repair is called MART (mean active repair time).
Note 2 to entry: ISO 14224:2016 distinguishes between the terms mean active repair time (MART), mean time to
repair (MTTR), mean time to restoration (MTTRes), and mean overall repairing time (MRT). See ISO 14224:2016,
3.59, 3.63, 3.64 and 3.61 for further details.
Note 3 to entry: The mean active repair time (MART) is defined as “expected active repair time” in ISO/TR
12489:2013, 3.1.34. See also ISO/TR 12489:2013, Figures 5 and 6.
[SOURCE: ISO 14224:2016, 3.2, modified — Notes 1 to 2 to entry have been added.]
3.1.2
availability
ability to be in a state to perform as required
Note 1 to entry: For a binary item, the measure of the availability is the probability to be in up state (i.e. in a state
belonging to the up state class), see 3.1.59.
Note 2 to entry: In 3.1.4, the figure shows the system is available at time t 1 and unavailable at time t 2.
Note 3 to entry: See ISO 14224:2016, Annex C for a more detailed description and interpretation of availability.
Note 4 to entry: Technical or operational availability (see ISO 14224:2016, C.2.3.2 and Table E.3) or system
availability can be used as derived performance measures. Case specific definition of system availability is
needed to reflect the system being addressed.
Note 5 to entry: Further terms are given in ISO/TR 12489:2013.
Note 6 to entry: See Figure G.1 for further information.
[SOURCE: IEC 60050‐192:2015, 192‐01‐23, modified — Notes 1 to 6 to entry have been added.]
3.1.3
barrier
functional grouping of safeguards or controls selected to prevent a major accident or limit the
consequences
[SOURCE: ISO 17776:2016, 3.1.1]
3.1.4
binary item
item with two classes of states
Note 1 to entry: The two classes can be ‘up state’ and ‘down state’.
2 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
EXAMPLE 1 A usual item with an up state (3.1.59) and a down state (3.1.10) is a binary item. Components A
and B in the figure below are binary items.
EXAMPLE 2 A system made up of two redundant binary items, A and B, has four states: S1 (both A and B in
up state), S2 (A in up state and B in down state), S3 (A in down state and B in up state), S4 (both A and B in down
state). If the system is able to operate as required in states S1, S2 and S3 and not able in state S4, it is a binary item
with the up state class {S1, S2, S3} and the down class {S4}. This is illustrated in the Figure showing availability
behaviour of an 1oo2 system.
3.1.5
common cause failure
failures of multiple items, which would otherwise be considered independent of one another, resulting
from a single cause
Note 1 to entry: See also Notes to entry for common cause failures in ISO 14224:2016, 3.5.
[SOURCE: IEC 60050-192:2015, 192-03-18, modified — Note 1 to entry has been added.]
3.1.6
condition monitoring
obtaining information about physical state or operational parameters
Note 1 to entry: Condition monitoring is used to determine when preventive maintenance may be required.
Note 2 to entry: Condition monitoring may be conducted automatically during operation or at planned intervals.
Note 3 to entry: Condition monitoring is part of condition-based maintenance. See also ISO 14224:2016, Figure 6.
[SOURCE: IEC 60050-192:2015, 192-06-28, modified — Note 3 to entry has been added.]
3.1.7
corrective maintenance
maintenance carried out after fault detection to effect restoration
Note 1 to entry: See also ISO/TR 12489:2013, Figures 5 and 6, which illustrate terms used for quantifying
corrective maintenance.
© ISO 2018 – All rights reserved 3
ISO 20815:2018(E)
[SOURCE: IEC 60050-192:2015, 192-06-06, modified — Note 1 to entry has been added.]
3.1.8
deliverability
ratio of deliveries to planned deliveries over a specified period of time, when the effect of compensating
elements, such as substitution from other producers and downstream buffer storage, is included
Note 1 to entry: See Figure G.1 for further information.
3.1.9
design life
planned usage time for the total system
Note 1 to entry: to entry It is important not to confuse design life with the ‘mean time to failure’ (MTTF), which
is comprised of several items that might be allowed to fail within the design life of the system as long as repair or
replacement is feasible.
3.1.10
down state
unavailable state
internally disabled state
internal disabled state
<of an item> state of being unable to perform as required, due to internal fault, or preventive
maintenance
Note 1 to entry: This concept is related to a binary item (3.1.4), which can have several down states forming the
down state class of the item. All the states in the down state class are considered to be equivalent with regard to
the unavailability of the considered item.
Note 2 to entry: See also Notes to entry for down state in ISO 14224:2016, 3.15.
EXAMPLE In the figure in 3.1.4, the down state class of the system S comprises only one state {S4} and the
system S is in down state at time t 2.
[SOURCE: IEC 60050‐192:2015, 192‐02‐20, modified — Notes 1 and 2 have been added.]
3.1.11
down time
time interval during which an item is in a down state
Note 1 to entry: The down time includes all the delays between the item failure and the restoration of its service.
Down time can be either planned or unplanned (see ISO 14224:2016, Table 4).
Note 2 to entry: Down time can be equipment down time (see Figure 4 and Table 4 in ISO 14224:2016), production
down time (see Figures I.1 and I.2) or down time for other operations (e.g. drilling). It is important to distinguish
between the equipment down time itself and the down time of the plant to which the equipment belongs.
[SOURCE: IEC 60050-192:2015, 192-02-21, modified — Notes 1 and 2 have been added.]
3.1.12
downstream
business category most commonly used in the petroleum industry to describe post-production
processes
Note 1 to entry: See ISO 14224:2016, A.1.4 for further details.
[SOURCE: ISO 14224:2016, 3.17]
4 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
3.1.13
failure
<of an item> loss of ability to perform as required
Note 1 to entry: A failure of an item is an event that results in a fault (i.e. a state) of that item (see 3.1.18). This is
illustrated in the figure in 3.1.50 for a binary system S comprising two redundant components A and B.
[SOURCE: IEC 60050‐192:2015, 192‐03‐01, modified — Note 1 to entry has been added.]
3.1.14
failure cause
root cause
set of circumstances that leads to failure
Note 1 to entry: A failure cause can originate during specification, design, manufacture, installation, operation or
maintenance of an item.
Note 2 to entry: See also ISO 14224:2016, B.2.3 and Table B.3, which define failure causes for all equipment
classes.
[SOURCE: IEC 60050-192:2015, 192-03-11, modified — Note 2 to entry has been added.]
3.1.15
failure data
data characterizing the occurrence of a failure event
Note 1 to entry: See also ISO 14224:2016, Table 6.
[SOURCE: ISO 14224:2016, 3.25]
3.1.16
failure mode
manner in which failure occurs
Note 1 to entry: See also the tables in ISO 14224:2016, B.2.6, on the relevant failure modes, which define failure
modes to be used for each equipment class.
[SOURCE: IEC 60050-192:2015, 192-03-17, modified — Note 1 to entry has been added.]
3.1.17
failure rate
conditional probability per unit of time that the item fails between t and t + dt, provided that it has been
working over [0, t]
[SOURCE: ISO/TR 12489:2013, modified — Notes 1 to 4 to entry have been added.]
Note 1 to entry: See ISO 14224:2016, C.3 for further explanation of the failure rate.
Note 2 to entry: This definition applies for the first failure of binary items (3.1.4).
Note 3 to entry: Under the assumptions that the failure rate is constant and that the item is as good as new after
repairs the failure rate can be estimated as the number of failures relative to the corresponding accumulated up
time divided by this accumulated up time. In this case this is the reciprocal of MTTF (3.1.34). In some cases, time
can be replaced by units of use.
Note 4 to entry: The estimation of the failure rate can be based on operating time or calendar time.
3.1.18
fault
<of an item> inability to perform as required, due to an internal state
Note 1 to entry: A fault of an item results from a failure, either of the item itself, or from a deficiency in an earlier
stage of the life cycle, such as specification, design, manufacture or maintenance. See latent fault (ISO 14224:2016,
3.44). The down states of items A, B and S in the figure in 3.1.46 are examples of faults.
© ISO 2018 – All rights reserved 5
ISO 20815:2018(E)
Note 2 to entry: An item made of several sub-items (e.g. a system) which continues to perform as required in
presence of faults of one or several sub-items is called fault tolerant.
Note 3 to entry: See also ISO/TR 12489:2013, 3.2.2.
[SOURCE: IEC 60050‐192:2015, 192‐04‐01, modified — Note 2 to entry has been added.]
3.1.19
fault tolerance
attribute of an item that makes it able to perform a required function in the presence of certain given
sub-item faults
3.1.20
human error
discrepancy between the human action taken or omitted and that intended
EXAMPLE Performing an incorrect action; omitting a required action.
Note 1 to entry: Discrepancy with intention is considered essential in determining human error; see Reference[81].
Note 2 to entry: The term “human error” is often attributed in hindsight to a human decision, action or inaction
considered to be an initiator or contributory cause of a negative outcome such as loss or harm.
Note 3 to entry: In human reliability assessment, human error is defined as any member of a set of human actions
or activities that exceeds some limit of acceptability, this being an out of tolerance action or failure to act where
the limits of performance are defined by the system (see Reference[78]).
Note 4 to entry: See also IEC 62508:2010 for further details.
Note 5 to entry: See also ISO/TR 12489:2013, 5.5.2.
[SOURCE: IEC 60050-192:2015, 192-03-14, modified — Notes 1 through 5 to entry have been added.]
3.1.21
instantaneous availability
A(t)
probability that an item is in a state to perform as required at a given instant
[SOURCE: IEC 60050-192:2015, 192-08-01]
3.1.22
integrity
ability of a barrier to function as required when needed
Note 1 to entry: See 3.1.2 in ISO/TR 12489:2013 for definition of safety integrity.
Note 2 to entry: There are different definitions of integrity: plant, asset, system, pipeline (see DNVGL-ST-F101:
2017), well (see ISO 16530-1:2017, 3.73), mechanical, safety (see ISO/TR 12489:2013, 3.1.2), structural (see
ISO 19900:—, 3.47) and technical.
3.1.23
item
subject being considered
Note 1 to entry: The item can be an individual part, component, device, functional unit, equipment, subsystem,
or system.
Note 2 to entry: The item may consist of hardware, software, people or any combination thereof.
Note 3 to entry: In this document, item can also be plant/unit and installation. See ISO 14224:2016, Figure 3.
[SOURCE: IEC 60050-192:2015, 192-01-01, modified — Note 3 to entry has been added.]
6 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
3.1.24
logistic delay
delay, excluding administrative delay, incurred for the provision of resources needed for a maintenance
action to proceed or continue
Note 1 to entry: Logistic delays can be due to, for example, travelling to unattended installations, pending
arrival of spare parts, specialists, test equipment and information, and delays due to unsuitable environmental
conditions (e.g. waiting on weather).
Note 2 to entry: See also ISO/TR 12489:2013, Figure 5.
[SOURCE: IEC 60050-192:2015, 192-07-13, modified — Notes 1 and 2 to entry have been added.]
3.1.25
lost revenue
total cost of lost or deferred production due to down time
3.1.26
maintainability
<of an item> ability to be retained in, or restored to a state to perform as required, under given
conditions of use and maintenance
Note 1 to entry: Given conditions would include aspects that affect maintainability, such as: location for
maintenance, accessibility, maintenance procedures and maintenance resources.
Note 2 to entry: Maintainability can be quantified using appropriate measures. See IEC 60050-192:2015,
192-07-Maintainability and maintenance support: measures.
Note 3 to entry: See Figure G.1 for further information.
[SOURCE: IEC 60050-192:2015, 192-01-27, modified — Note 3 to entry has been added.]
3.1.27
maintainable item
item that constitutes a part or an assembly of parts that is normally the lowest level in the equipment
hierarchy during maintenance
[SOURCE: ISO 14224:2016, 3.48]
3.1.28
maintenance
combination of all technical and management actions intended to retain an item in, or restore it to, a
state in which it can perform as required
[SOURCE: IEC 60050-192:2015, 192-06-01]
3.1.29
maintenance data
data characterizing the maintenance action planned or done
Note 1 to entry: See also ISO 14224:2016, Table 8.
[SOURCE: ISO 14224:2016, 3.51]
3.1.30
maintenance management
all activities of the management that determine the maintenance requirements, objectives, strategies,
and responsibilities, and implementation of them by such means as maintenance planning, maintenance
control and the improvement of maintenance activities and economics
[SOURCE: EN 13306:2017, 2.2]
© ISO 2018 – All rights reserved 7
ISO 20815:2018(E)
3.1.31
maintenance supportability
supportability
<of an item> ability to be supported to sustain the required availability with a defined operational
profile and given logistic and maintenance resources
Note 1 to entry: Supportability of an item results from the inherent maintainability (3.1.26), combined with
factors external to the item that affect the relative ease of providing the required maintenance and logistic
support.
Note 2 to entry: See ISO 14224:2016, Annex C for further details regarding the interpretation of maintainability.
[SOURCE: IEC 60050-192:2015, 192-01-31, modified — Note 2 to entry has been added.]
3.1.32
major accident
hazardous event that results in multiple fatalities or severe injuries; or extensive damage to structure,
installation or plant; or large-scale impact on the environment
Note 1 to entry: Examples of large-scale impact on the environment are persistent and severe environmental
damage that can lead to loss of commercial or recreational use, loss of natural resources over a wide area or
severe environmental damage that will require extensive measures to restore beneficial uses of the environment.
Note 2 to entry: In ISO 17776:2016, a major accident is the realization of a major accident hazard.
[SOURCE: ISO 17776:2016, 3.1.12]
3.1.33
mean availability
average availability
A(t1, t 2)
average value of the instantaneous availability over a given time interval [t1, t 2]
[SOURCE: IEC 60050-192:2015, 192-08-01, modified — Note 1 to entry has been added.]
Note 1 to entry: The average availability is the ratio between the accumulated time spent in up state and the
length of the considered period of observation. For example, in 3.1.4 the figure shows the average availability of
the system over the interval [0, t 3] is equal to (δ1 + δ2 + δ3 + δ4 + δ5 + δ6 + δ8 + δ9)/t 3, i.e. 1 ̶ δ7/t 3 where δ7/t 3 is the
average unavailability of the system. This formula is similar to the formula obtained for production availability
calculations when only two levels, 100 % and 0 %, are considered.
3.1.34
mean time to failure
MTTF
expected time before the item fails
Note 1 to entry: See further details in ISO/TR 12489:2013, 3.1.29.
Note 2 to entry: IEC 60050-192:2015 defines MTTF as ”expectation of the operating time to failure”.
Note 3 to entry: See also ISO 14224:2016, Annex C.
[SOURCE: ISO/TR 12489:2013, 3.1.29, modified — Notes 1 through 3 to entry have been added.]
3.1.35
midstream
business category involving the processing, storage and transportation sectors of the petroleum
industry
Note 1 to entry: See ISO 14224:2016, A.1.4 for further details.
[SOURCE: ISO 14224:2016, 3.65]
8 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
3.1.36
modification
combination of all technical and administrative actions intended to change an item
[SOURCE: ISO 14224:2016, 3.67]
3.1.37
multi-state item
item with more than two classes of states
Note 1 to entry: This is an extension of the binary items beyond the concepts of up and down states. This can
characterize single items with degraded states or systems made up of several components.
EXAMPLE An oil production system comprising two wells, A and B, that can be considered as binary items
(see 3.1.3) has four states: S1 (both A and B in up state), S2 (A in up state and B in down state), S3 (A in down state
and B in up state), S4 (both A and B in down state). If, when they are in up state, A produces 200 bpd (barrels
per day) and B produces 100 bpd, then the system has four classes of production 300 bpd, {S1},200 bpd, {S2},
100 bpd, {S3} and 0 bpd, {S4}. With regards to oil production, it is a multi-state item. This is illustrated in the
figure showing production availability behaviour of a multi-state system.
3.1.38
observation period
time period during which production performance and reliability data are recorded
3.1.39
operating state
<of an item> state of performing as required
Note 1 to entry: See also ISO 14224:2016, Table 4.
Note 2 to entry: In some applications, an item in an idle state is considered to be operating.
Note 3 to entry: The state capacities of a multi-state item characterize various levels of operation and
consequently, the definition of the operating state of a multi-state item depends on the situation, for example, if:
— no other requirement is given, any state with a capacity greater than zero is an operating state;
— a minimum capacity is required, it provides the limit to split the states between up and down classes;
© ISO 2018 – All rights reserved 9
ISO 20815:2018(E)
— a given capacity is specified, then only the states with this capacity are operating states;
— no other requirement is given, any state with a capacity greater than zero is an operating state (300 bpd,
200 bpd and 100 bpd in the figure in 3.1.37);
— a minimum capacity is required, it provides the limit to split the states between up and down classes (300 bpd,
200 bpd in the figure in 3.1.37, if the minimum allowed production is 200 bpd);
— a given capacity is specified, then only the states with this capacity are operating states (200 bpd in the
figure in 3.1.37 if and only if 200 bpd are required).
[SOURCE: IEC 60050‐192:2015, 192‐02‐04, modified — Notes 1 and 3 to entry have been added.]
3.1.40
operating time
time interval during which an item is in an operating state
Note 1 to entry: The accumulated times of various disjunct operating times interrupted by e.g. unplanned or
planned down time is also called operating time.
Note 2 to entry: Sometimes the term “running time” is used instead of “operating time”. Often the running time
describes the active part of the operating time, see Table 4 in ISO 14224:2016. Whether rundown or start-up
period is included depends on equipment, but hot-standby time is not included even though some equipment
functions can be active to minimize start-up time in e.g. redundant configuration (“hot standby”).
Note 3 to entry: Running hours during testing is also called running hours, even though this is at test conditions.
[SOURCE: IEC 60050-192:2015, 192-02-05, modified — Notes 1 to 3 to entry have been added.]
3.1.41
performance objective
indicative level for the desired performance
Note 1 to entry: Objectives are expressed in qualitative or quantitative terms. Objectives are not absolute
requirements and may be modified based on cost or technical constraints. See further details in Annex F.
3.1.42
performance requirement
required minimum level for the performance of a system
Note 1 to entry: Requirements are normally quantitative, but may also be qualitative.
3.1.43
petrochemical
business category producing the chemicals derived from petroleum and used as feedstock for the
manufacture of a variety of plastics and other related products
Note 1 to entry: See ISO 14224:2016, A.1.4 for further details.
[SOURCE: ISO 14224:2016, 3.75]
3.1.44
preventive maintenance
maintenance carried out to mitigate degradation and reduce the probability of failure
Note 1 to entry: See also condition-based maintenance, and planned (scheduled) maintenance.
[SOURCE: IEC 60050-192:2015, 192-06-05]
10 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
3.1.45
production assurance
activities implemented to achieve and maintain a performance that is at its optimum in terms of the
overall economy and at the same time consistent with applicable framework conditions
Note 1 to entry: Production assurance in this document is not only limited to cover production of oil and gas, but
can also be other activities such as drilling operations, downhole well intervention, subsea intervention, offshore
loading operations, for which production assurance activities and reliability management are needed.
Note 2 to entry: Production assurance activities relate closely to the integrity management of the installations.
See definition of integrity in 3.1.22.
3.1.46
production availability
ratio of production to planned production, or any other reference level, over a specified period of time
Note 1 to entry: Production availability is an extension of the mean availability (3.1.33) to deal with multi-state
items. It is the ratio between the accumulated production delivered over a given interval of time and a reference
production level defined for this interval. For example, in 3.1.4, the figure shows the production availability of the
system over the interval [0, t 3] is equal to [300 · (δ1 + δ3 + δ5 + δ9) + 200 · (δ2 + δ6) + 100 · (δ4 + δ8)] / (300 · t 3)
provided the reference production level is 300 bpd at any time. By dividing by 300, this formula can also be
written [(δ1 + δ3 + δ5 + δ9) + 66,6 % · (δ2 + δ6) + 33,3 % · (δ4 + δ8)] / t 3.
Note 2 to entry: This measure is used in conjunction with analysis of delimited systems without compensating
elements such as substitution from other producers and downstream buffer storage. Battery limits need to be
defined in each case.
Note 3 to entry: See G.1 and Figure G.1 for further information. Examples of production loss categories (or time
loss categories) are shown in Tables G.1 to G.6.
Note 4 to entry: Production efficiency (PE) is a term often used by operators for historic production availability
in the operating phase and is a reported measure, but is in principle the same measure as predicted production
availability that is a modelled measure. This document uses the term production availability.
Note 5 to entry: For offshore and onshore loading systems, some special performance measures exist when
undertaking loading performance analyses, see further details of such metrics in I.26.
3.1.47
production performance
capacity of a system to meet demand for deliveries or performance
Note 1 to entry: Production availability, deliverability or other appropriate measures can be used to express
production performance.
Note 2 to entry: The use of production performance terms should specify whether it represents a predicted or
historic production performance.
3.1.48
production performance analysis
systematic evaluations and calculations carried out to assess the production performance of a system
Note 1 to entry: The term should be used primarily for analysis of whole systems, but may also be used for
analysis of production unavailability of sub-systems. Annex D provides guidance for planning and reporting such
analysis, and parts of Annex D can also be useful for loading performance analysis.
Note 2 to entry: Loading performance analysis is a particular type of production performance analysis focussing
on offshore and onshore loading operations, which e.g. use metocean data to analyse weather impact on such
operations (see I.25 and I.26).
© ISO 2018 – All rights reserved 11
ISO 20815:2018(E)
3.1.49
redundancy
existence of more than one means for performing a required function of an item
Note 1 to entry: See ISO 14224:2016, C.1.2 for further details, where passive (cold), active (hot) standby and
mixed redundancy are described.
Note 2 to entry: Redundancy in IEC 61508-1:2016 is called “fault tolerance”.
Note 3 to entry: IEC 60050-192:2015, 192-10-02 defines redundancy as “provision of more than one means for
performing a function”.
[SOURCE: ISO 14224:2016, 3.80]
3.1.50
reliability
ability of an item to perform a required function under given conditions for a given time interval
Note 1 to entry: The term “reliability” is also used as a measure of reliability performance and may also be
expressed as a probability (see 3.1.57).
Note 2 to entry: In the figure below reliability is illustrated for a system S comprising two redundant components
A and B. The system is reliable all over the interval [0, t1] but has had a failure during [0, t 2]. See also Figure G.1
for further information.
[SOURCE: ISO 14224:2016, 3.81, modified — Notes 1 and 2 to entry have been added.]
3.1.51
reliability data
data for reliability, maintainability and maintenance support performance
[SOURCE: ISO 14224:2016, 3.84]
12 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
3.1.52
reliability management
activities undertaken to achieve reliability related performance objectives and requirements
Note 1 to entry: Reliability management reflects production assurance activities on equipment and system level.
In project/product–development and design phases this is often called “reliability engineering”.
Note 2 to entry: A reliability management programme (RMP) can be used to describe such activities, see A.1.
3.1.53
required function
function, or combination of functions, of an item that is considered necessary to provide a given service
[SOURCE: ISO 14224:2016, 3.83]
3.1.54
risk
combination of the probability of an event and the consequences of the event
Note 1 to entry: This definition is based on ISO/IEC Guide 51:2014, 3.9 that defines risk as combination of the
probability of occurrence of harm and the severity of that harm, where the probability of occurrence includes
the exposure to a hazardous situation, the occurrence of a hazardous event and the possibility to avoid or limit
the harm. “Harm" has been replaced by "event" in the definition to cope with production assurance purpose.
It is also similar to the definition of the “level of risk” given in ISO Guide 73:2009, 3.6.1.8 (i.e. “combination of
consequences and their likelihood”).
Note 2 to entry: Events leading to production losses are considered within the production assurance field.
3.1.55
risk register
record of information about identified risks
[SOURCE: ISO Guide 73:2009, 3.8.2.4]
3.1.56
state capacity
state efficiency
processing ability of an item state
Note 1 to entry: The capacity of an item state is related to the amount of production the item is able to produce or
process in this state. For example, in the figure in 3.1.33, component A has a capacity of 200 bpd.
EXAMPLE 1 A single oil production well with two states (binary item, 3.1.4) has, for example, a capacity of
100 barrels per day (bpd) when it is in up state and of 0 bpd when it is in down state (see component B in the
figure in 3.1.33).
EXAMPLE 2 An oil production system made up of two wells, A and B, producing respectively 200 bpd and
100 bpd, has four states. This is illustrated in the figure in 3.1.37:
— S1 (A and B producing) : capacity = 300 bpd;
— S2 (A producing alone) : capacity = 200 bpd;
— S3 (B producing alone) : capacity = 100 bpd;
— S4 (A and B failed) : capacity = 0 bpd.
When the reference value is non-ambiguous, the capacity can be given in percentage. For example, with regard
to the maximum capacity of the producing system, the capacity of S1 is 100 %, the capacity of S2 is 66,6 %, the
capacity of S3 is 33,3 % and the capacity of S4 is 0 %.
© ISO 2018 – All rights reserved 13
ISO 20815:2018(E)
3.1.57
survival probability
reliability <measure>
R(t)
likelihood of the continued functioning of an item
Note 1 to entry: This likelihood is calculated by using Formula (1):
R(t) = Pr(T > t) (1)
where Pr(T > t) is the probability that the time to failure of an item, T, is greater than t, a time equal to or
greater than 0.
Note 2 to entry: Reliability is illustrated in the figure in 3.1.50 for a system S comprising two redundant
components A and B. As T > t1 the system is reliable all over the interval [0, t 1] and is surviving at time t1. As
T < t 2 the system is not surviving at time t 2.
3.1.58
technology qualification
process of providing evidence that the technology will perform as required for the specified
application area
Note 1 to entry: The requirements include both functional (technical and operational) and associated reliability
requirements for its design life. Application area refers to the operating conditions, environment or purpose for
which the technology will be used.
Note 2 to entry: See further information in C.3 and I.21.
3.1.59
up state
available state
<of an item> state of being able to perform as required
Note 1 to entry: This concept is related to a binary item (3.1.4), which can have several up states forming the
up state class of the item. All the states in the up state class are considered to be equivalent with regard to the
availability of the considered item.
Note 2 to entry: Up state relates to the availability performance (3.1.2) of the item.
Note 3 to entry: See also ISO/TR 12489:2013, Figure 5.
EXAMPLE In the figure in 3.1.4, the up state class of the system S comprises three states {S1, S2, S3} and the
system is in up state at time t1.
[SOURCE: IEC 60050‐192:2015, 192‐02‐01, modified — Notes 1 to 3 to entry have been added.]
3.1.60
up time
time interval during which an item is in an up state
Note 1 to entry: See also ISO/TR 12489:2013, Figure 3.
Note 2 to entry: Mean up time is defined in IEC 60050-192:2015 as “expectation of the up time”.
[SOURCE: ISO 14224:2016, 3.97]
3.1.61
upstream
business category of the petroleum industry involving exploration and production
Note 1 to entry: See ISO 14224:2016, A.1.4 for further details.
[SOURCE: ISO 14224:2016, 3.98]
14 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
3.1.62
variability
variations in performance measures for different time periods under defined framework conditions
Note 1 to entry: The variations can be a result of the down time pattern for equipment and systems or operating
factors, such as wind, waves and access to certain repair resources.
3.2 Abbreviations
ALT accelerated life testing
BBN Bayesian belief network
BOP blowout preventer
bpd barrels per day
CAPEX capital expenditures
CMMIS computerized maintenance management information system
DHSV downhole safety valve
ESD emergency shut down
FAT factory acceptance test
FEED front-end engineering and design
FMEA failure modes and effects analysis
FMECA failure modes, effects and criticality analysis
FN flow network
FNA flow network analysis
FPSO floating production, storage and offloading
FSU floating storage unit
FTA fault tree analysis
HALT highly accelerated life testing
HAZOP hazard and operability (study)
HASS highly accelerated stress screening
HSE health, safety and environment
ITT invitation to tender
KPI key performance indicator
LCC life cycle cost
LNG liquefied natural gases
LOSTREV lost revenue
© ISO 2018 – All rights reserved 15
ISO 20815:2018(E)
LTE life time extension
MART mean active repair time
MDT mean down time
METBF mean elapsed time between failures
MODU mobile offshore drilling unit
MPA Markov process analysis
MRT mean overall repairing time
MTTF mean time to failure
MTTR mean time to repair
MTTRes mean time to restoration
MUT mean up time
NPV net present value
OPEX operational expenditure
PAP production assurance programme
PE production efficiency
PFD process flow diagrams
PID process instrumentation diagrams
PM preventive maintenance
PN Petri nets
PNA Petri net analysis
POR performance and operability review
QA quality assurance
QRA quantitative risk analysis
RBD reliability block diagram
RBI risk-based inspection
RCM reliability-centred maintenance
RM reliability and maintainability
RMP reliability management programme
ROV remote operated vehicle
SAT site acceptance test
SCM subsea control module
16 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
SEM subsea electronic module
SIL safety integrity level
SIMOPS simultaneous operations
SISV subsea intervention and support vessel
SIT system integration test
SRA structural reliability analysis
SSIV subsea isolation valve
TNC technology novelty category
TQP technology qualification programme
TRL technology readiness level
4 Production assurance and decision support
4.1 Users of this document
This document is intended for users such as the following.
— Installation/plant/facility: Operating facility, e.g. safety, maintenance and engineering personnel.
— Owner/operator/company: Reliability staff or others analysing or responsible for production
assurance, reliability management and associated activities. Other stakeholders are technology
developers, concept and system planners, HSE staff, integrity management, maintenance
management and professional subject-matter experts that manage and assess plants/system/
equipment performance with respect to production assurance (production availability, system
availability, equipment reliability, etc.).
— Manufacturer/designer and supplier: Use of reliability management activities in technology
development, technology qualification, system design to ensure product quality and
improvements, etc.
— Authority/regulatory body: Regulatory requirements that can refer to this document to enhance
HSE, production availability, system availability, maintenance and resource utilisation.
— Consultant/contractor: Use of production assurance activities to support reliability management
and undertaking reliability studies, analysis of production availability, system availability,
maintenance, etc.
4.2 Framework conditions
The objective associated with systematic production assurance is to contribute to the alignment
of design and operational decisions with corporate business objectives. Production assurance and
reliability management activities also support quality management (see ISO 9000:2015, ISO 9001:2015
and ISO/TS 29001:2010).
In order to fulfil this objective, technical and operational measures as illustrated in Figure 1 may be
used during design or operation to influence the production performance. Figure 1 shows measures
that to a greater or lesser extent can have an effect on production performance. Some of these measures
are purely technical and it is necessary that they will be adhered to in design; others are related purely
to operation. Most of the measures have both technical and operational aspects, e.g. a bypass cannot be
© ISO 2018 – All rights reserved 17
ISO 20815:2018(E)
used in the operational phase unless provisions have been made for it in the design phase. In addition,
there are dependencies between many of the listed measures.
Figure 1 — Typical technical and operational measures that affect production performance
This imposes two important recommendations for production assurance to be efficient:
— production assurance should be carried out throughout all project design and operational phases;
— production assurance should have a broad coverage of project activities.
An overview of cost and revenue factors to considered in conjunction with the economic optimization
is shown in Figure 2. These factors can be used to better prioritize and understand the production
assurance activities with respect to life cycle cost elements (CAPEX, OPEX and LOSTREV). The
economic decision criteria depend on company as well as the business context (e.g. concept selection,
field development, system configuration) that is subject to decision.
18 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Figure 2 — Business model: Influence factors of production assurance on project economy
4.3 Optimization process
The main principle for optimization of design or selection between alternative design solutions is
economic optimization within given constraints and framework conditions. The achievement of high
performance is of limited importance, unless the associated costs are considered. Therefore, this
document can be considered together with ISO 15663 (all parts).
Examples of constraints and framework conditions that affect the optimization process are:
— statutory health, safety and environmental regulations;
— requirements for safety equipment resulting from the risk analysis and the overall safety acceptance
criteria;
— requirements to design or operation given by statutory and other regulatory bodies' regulations;
— project constraints, such as budget, implementation time, national and international agreements;
— conditions in the sales contracts;
— technical constraints.
The optimization process can be seen as a series of steps as follows (see Figure 3 for an illustration).
a) Assess the project requirements and generate designs that are capable of meeting the project
requirements.
b) Identify all statutory, regulatory and other framework requirements that apply to the project.
c) Predict the appropriate production assurance parameters.
d) Identify the preferred design solution based on an economical evaluation/analysis, such as net
present value analysis or another optimization criterion.
© ISO 2018 – All rights reserved 19
ISO 20815:2018(E)
e) Apply the optimization process as illustrated in Figure 3. Be aware that the execution of the
optimization process requires that the production assurance and reliability function should be
addressed by qualified team members.
f) If required, the process can be iterative, where the selected alternative is further refined and
alternative solutions are identified. The iterative process is typical for “gated” or threshold project-
execution phases.
g) Sensitivity analyses may be performed to take account of uncertainty in important input
parameters.
20 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
a Typical project constraints include HSE requirements; technical feasibility; compliance with acts, rules and
regulations; economical constraints; schedule constraints.
Figure 3 — Optimization framework
4.4 Production assurance programme
4.4.1 Objectives
A production assurance programme (PAP) shall serve as a management tool in the process of complying
with this document. The PAP may be either established for the various life cycle phases of a new asset
© ISO 2018 – All rights reserved 21
ISO 20815:2018(E)
development project or established for assets already in operation. As production assurance is a
continuous activity throughout all life cycle phases, it shall be updated as and when required. It can
contain the following:
— systematic planning of production assurance work within the scope of the programme;
— definition of optimization criteria;
— definition of performance objectives and requirements, if any;
— description of the production assurance activities necessary to fulfil the objectives, how they are
carried out, by whom and when;
— statements and considerations on interfaces of production assurance and reliability with other
activities;
— methods for verification and validation;
— a level of detail that facilitates easy updating and overall coordination.
Annex A provides an index for the PAP contents.
Conformity to this document shall result in the establishment and execution of a PAP.
The life cycle phases indicated in Table 2 apply for a typical asset development project. If the phases in
a specific project differ from the life cycle phases indicated in Table 2, the activities should be defined
and applied as appropriate.
Major modifications may be considered as a project with phases similar to those of an asset
development project. The requirements to production assurance activities as given for the relevant
life cycle phases apply.
Similarly, research or technology development projects (that in short or long term can be implemented
on an installation, e.g. oil/gas production facility, drilling facility, pipeline) should also benefit from use
of the reliability management principles and methods as described in this document.
Likewise, life time extension projects for further development of existing installations (see Clause I.24),
will also need to apply production assurance and reliability management.
4.4.2 Project risk categorization
It is necessary to define the level of effort to invest in a PAP to meet the business objectives for each
life cycle phase. In practice, the production assurance effort required is closely related to the level of
technical risk in a project. Therefore, it is recommended that one of the first tasks to be performed is an
initial categorization of the technical risks in a project. This enables project managers to make a general
assessment of the level of investment in reliability resources that may have to be made in a project.
The project risk categorization typically varies depending on a number of factors such as financial
situation, risk attitude, etc. Hence, specific risk categorization schemes may be established. However, to
provide some guidance on the process, a simple risk categorization scheme is outlined in this subclause.
Projects can be divided into three risk classes:
— high risk;
— medium risk;
— low risk.
The features that describe the three risk classes are further outlined in Table 1. Typically, there is a
gradual transition from one risk class to another. Hence, a certain degree of subjective assessment is
22 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
required. However, the justification for the selected risk class for a project should be included in the
PAP issued during the feasibility or concept phase.
Table 1 — Project risk categorization
Technology Operating Technical sys- Organizational Risk classa Description
envelope tem scale and scale and
complexity complexity
Mature Typical Small scale, Small and Low Low-budget, low-risk project
technology operating low complexity, consistent or- using field-proven equipment in
conditions minimal change ganization, low the same configuration and with
of system con- complexity the same team under operating
figuration condition similar to previous
projects.
Mature Typical Moderate scale Small to medium Low or me- Low- to moderate-risk project
technology operating and complexity organization, dium using field-proven equipment in
conditions moderate com- an operating envelope similar
plexity to previous projects but with
some system and organizational
complexity.
Novel or New, extended Large scale, high Large organization, Medium or Moderate- to high-risk project
non-mature or aggressive complexity high complexity highb using either novel or non-mature
technology operating en- equipment or with new or ex-
for a new or vironment tended operating conditions.
extended Project involves large, complex
operating systems and management or-
environment ganizations.
a The term “low or medium” indicates that projects comprising the indicated features can be classified as either low-risk
or medium-risk projects, likewise for the term “medium or high”.
b The novel or non-mature technology should have a potential significant impact on the project outcome to be classified
as high-risk.
The risk categorization should not be detached from the overall project’s risk management process (see
Clause C.2).
The project risk categorization (i.e. high, medium and low) is further applied in Table 2 to indicate
what processes should be performed for the different project categories. The risk categorization
from different users perspective can require different approaches, but the importance is that risk
categorization should be in place in the user company to prioritize the production assurance activities.
4.4.3 Programme activities
Production assurance activities should be carried out in all phases of the life cycle of facilities to provide
input to decisions regarding feasibility, concept, design, manufacturing, construction, installation,
operation, maintenance and modification. Processes and activities shall be initiated only if they are
considered to contribute to added value of the project.
The production assurance activities specified in the PAP shall be defined in view of the actual needs,
available personnel resources, budget framework, interfaces, milestones and access to data and general
information. This is necessary to reach a sound balance between the cost and benefit of the activity.
Production assurance should consider organizational and human factors as well as technical aspects
(see Clause I.10).
Important tasks of production assurance are to monitor the overall performance level, manage reliability
and the continuous identification of the need for production assurance activities. A further objective of
production assurance is to contribute technical, operational or organizational recommendations.
© ISO 2018 – All rights reserved 23
ISO 20815:2018(E)
The processes and activities specified in the PAP shall focus on the main technical risk items initially
identified through a top-down screening process (see 4.4.2). A risk-classification activity can assist in
identifying performance-critical systems that should be subject to more detailed analysis and follow-up.
The emphasis of the production assurance activities changes for the various life cycle phases. Early
activities should focus on optimization of the overall configuration, while attention to critical detail
increases in the later phases. The production assurance activities may also interact with integrity
management activities.
Production assurance activities relate closely to the integrity management of the installations and
system engineering activities, and the PAP should show such relationships.
In the feasibility and concept phases, the field layout configuration should be identified. This also
includes defining the degree of redundancy (fault tolerance), overcapacity and flexibility, on a system
level. This requires establishing the CAPEX, OPEX, LOSTREV, expected cost or benefit of risks and
revenue for each alternative.
These financial values are, in turn, fed back into the operators’ profitability tools, for evaluation
of profitability and selection of the alternative that best fits with the attitude towards risk. Optimal
production availability for field layouts requires that overemphasis on CAPEX is avoided, and it is
recommended that this is achieved through long-term partnering between suppliers and operators,
as well as between suppliers and their sub-suppliers. Such long-term relationships ensure mutual
confidence and maturing of the technology. Early direct involvement of the above parties with focus
on the overall revenue in a life cycle perspective is advised. This means, for example, implementing the
resulting recommendations as specifications in the invitations to tender.
The production assurance principles outlined in this document require use of the reliability data
methodology based on ISO 14224:2016, see the process “performance data tracking and analysis”
(Process 9). See also guidance in Annex E. In addition, Annex G provides a framework for performance
measures for production availability.
An overview of the production assurance processes is given in Table 2 and Clause 5, while descriptions
of the recommended activities for the processes are given in Annex B and Annex C.
Table 2 provides recommendations (indicated by an “X”) on which processes should be performed
as a function of the project risk categorization (see 4.4.2). The table also provides recommendations
(indicated by an “X”) as to when the processes should be applied (in what life cycle phase). Production
assurance requirements (process 1) can be used to illustrate the interpretation of the table. This process,
which is further described in Annex B, should be implemented for medium- and high-risk projects, and
performed in the feasibility, concept design, engineering and procurement life cycle phases.
24 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Table 2 — Overview of production assurance processes versus risk levels and life cycle phases
Production assurance processes for asset development Life cycle phasee, f
Instal-
Fabri-
lation
Medium- High- Con- Engi- Pro- cation/
Low-risk Feasi- and Opera-
risk pro risk pro Process name and numberc ceptual neer- cure- Assem-
projects bility com- tion
jects jects designa ingb ment g bly/
mis-
Testing
sioning
1. Production assurance
— X X X X X X — — —
requirements
X X X 2. Production assurance planning X X X X X X X
3. Design and manufacture for
— X X — X X X X X X
production assurance
X X X 4. Production assurance X X X X X X X
— X X 5. Risk and reliability analysisd X X X — — — X
X X X 6. Verification and validation X X X — — — —
X X X 7. Project risk management X X X X X X X
— — X 8. Qualification and testing — X X X X — —
9. Performance data tracking
X X X — — — — X X X
and analysis
— — X 10. Supply chain management — — — X — — X
X X X 11. Management of change — X X X X X X
X X X 12. Organizational learning X X X X X X X
a Including front-end engineering and design (FEED).
b Including pre-engineering and detailed engineering.
c The following production assurance processes are within the main scope of work for this document: 1, 2, 3, 4, 5, 6 and 9.
d This process is primarily meant to cover production availability, system/equipment availability and component reliability analyses, but in this context
may also include availability/reliability of safety systems, see B.5 and G.1. The relations to risk analysis are described in Annex H and Clause I.20. Annex D
provides guidance for planning, execution and reporting of production performance analyses.
e Technology development projects can use similar production assurance processes.
f Lifetime extension projects can use similar production assurance processes. See Clause I.24.
g The procurement activities relate to various life cycle phases.
NOTE A process can be applicable for a certain risk class or life cycle phase although no “X” is indicated in this table. Likewise, if it can be argued that a
certain process does not add value to a project, it can be omitted.
4.5 Alternative standards
There are a number of other international standards, industry standards, national standards and
guidelines that support and direct the implementation of production assurance and reliability activities
in projects.
Table 3 shows how the production assurance and reliability processes described within this document
link to some other international standards. Work processes carried out in accordance with these
international standards can be considered to satisfy the requirements for relevant processes in this
document. The alternative standards listed in Table 3 are not normative for this document. The list of
standards in Table 3 is non-exhaustive. Other standards can also cover specific requirements in this
document. If alternative standards are referred to for compliance to specific requirements, it is the
responsibility of the user to demonstrate such compliance.
© ISO 2018 – All rights reserved 25
ISO 20815:2018(E)
Table 3 — Alternative international standards
3.
1. Pro- 9.
2. Pro- Design 11.
duc- 5. Risk 7. Perfor- 10.
duc- and 6. Veri- 8. Man 12. Or-
tion- 4. Pro- and Project mance Supply
tion- manu- fication Qualifi- age ganiza-
International assur- duction reli- risk data chain
assur- facture and cation ment tional
standard ance assur- ability man- track- man-
ance for pro- valida- and of learn-
re- ance analy- age- ing and age-
plan- duction tion testing cha ing
quire- sis ment analy- ment
ning assur- nge
ments sis
ance
IEC 60300-1:2014 X X — X — X — — — — — —
IEC 60300-3-2:2004 — — — — — — — — X — — —
IEC 60300-3-4:2007 X — — — — X — — — — — —
IEC 60300-3-14:2004 — — — — X — — — — — — —
IEC 31010:2009 — — — — X — X — — — — —
5 Production assurance processes and activities
The production assurance processes defined in this document are divided into two main classes,
i.e. core processes and interacting processes. The main reason for this split is to indicate for which
processes a potential production assurance discipline is normally responsible and for which processes
other disciplines (e.g. project management, QA, etc.) are normally responsible. However, all processes
can be equally important to ensure success.
Annex B provides recommendations for the core production assurance processes and activities that
may be carried out as part of a PAP in the various life cycle phases of a typical asset development project.
Projects other than asset developments, e.g. drilling units, transportation networks, major
modifications, etc., have phases that more or less coincide with those described in the following. The
activities carried out can, however, differ from those described.
Hence, the PAP may be adapted for each part involved to ensure that it fulfils the business needs.
In addition to the core production assurance processes and activities described in Annex B, a number of
interacting processes are described in Annex C. These processes are normally outside the responsibility
of the production assurance discipline, but information flow to and from these processes is required to
ensure that production performance and reliability requirements can be fulfilled.
Figure 4 illustrates which processes are defined as core production assurance processes and which are
considered interacting processes. Details regarding objectives, input, output and activities for each of
the processes are further described in Annexes B and C.
26 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Figure 4 — Core and interacting production assurance processes
© ISO 2018 – All rights reserved 27
ISO 20815:2018(E)
Annex A
(informative)
Contents of production assurance programme (PAP)
A.1 General
This document describes the concept of production assurance (see Clause 4) and provides processes and
activities that culminate in a production assurance programme (PAP) (see 4.4.1). This annex suggests a
model for that PAP. A PAP (see 4.4) should cover the topics covered in Clauses A.2 to A.8.
The PAP is generally used for the entire asset or project by the operator, but can also apply for the
engineering contractor or a supplier/manufacturer for their scope of work in a project. The latter may
then be named “reliability management programme” (RMP), but entails the same guidance as described
in this annex. It may also apply for a technology development project for an operator or supplier, or in
a product portfolio (e.g. specific equipment categories or equipment classes; see ISO 14224:2016) to
ensure reliability management.
A.2 Title
Production assurance programme (PAP) for [insert the description of the project].
A.3 Terms of reference
A general description of the PAP similar to the following may be given:
a) purpose and scope;
b) system boundaries and life cycle status;
c) revision control showing major changes since last update;
d) distribution list which, depending on the content, shows which parties receive all or parts of the PAP.
A.4 Production assurance philosophy and performance objectives
A description of the philosophy and performance objectives similar to the following may be given:
a) description of overall optimization criteria (see 4.3);
b) definition of performance objectives and requirements (see Annex F) with references to
performance targets, objectives and requirements in contract documents and any separate
documents that may further specify the targets, objectives and requirements, e.g. loss categories
and battery limits to define what is included and what is excluded in the targets;
c) definition of performance measures.
A.5 Project risk categorization
A description of the project risk categorization (see 4.4.2) should be included in the PAP to justify the
selection of production assurance programme activities.
28 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
A.6 Organization and responsibilities
A description of the production assurance organization with corresponding authorities and
responsibilities should be clearly stated in the PAP. Descriptions similar to the following may be given:
a) description of the organization and responsibilities, focusing on production performance, internal
and external communication, responsibilities given to managers and key personnel, functions,
disciplines, sub-projects, contractors and suppliers;
b) description of the action management system, defining how the production assurance activities
recommendations and actions are communicated, evaluated and implemented;
c) description of the verification and validation functions specifying planned third-party verification
activities related to production assurance/reliability (if any).
A.7 Activity schedule
A description of the activity schedules similar to the following may be given:
a) overview of the production assurance activities during life cycle phases, which may contain a table
similar to Table 2 to indicate past and future production assurance activities;
b) list of the plans or references to other documents containing the plans for production assurance/
reliability activities showing the main project milestones and interfacing activities;
c) clear statements of the relationship between the various production assurance activities, e.g.
input/output relationship and timing.
A.8 References
References are made to, and revised as appropriate when updating the PAP:
— key project documentation;
— relevant corporate or company requirements;
— relevant international, industry or national standards;
— list of production assurance deliverables (documentation).
© ISO 2018 – All rights reserved 29
ISO 20815:2018(E)
Annex B
(informative)
Core production assurance processes and activities
B.1 Production assurance requirements — Process 1
This process is administrative by nature and supports the economical optimization process (see 4.3)
aiming at formulating production assurance requirements. The main activity for this process is related
to communication among relevant parties. Production assurance process 1 is described in Table B.1.
Unnecessary limitations in the form of unfounded performance requirements should be avoided to
prevent otherwise favourable alternatives from being rejected during the optimization process.
Optimal production availability in the oil and gas business requires a standardized, integrated
reliability approach, as this clause provides for asset development. This is an economic optimization
problem, with defined framework conditions and constraints. This optimization problem involves both
production assurance and interfacing processes.
The constraints from other disciplines as outlined in Figure 3 should be considered together with
relevant performance measures (see Annex G) in the optimization process.
In the feasibility and concept phases, the asset configuration should be identified. This also includes
the degree of redundancy (fault tolerance), overcapacity and flexibility, on a system level. This
requires establishing the CAPEX, OPEX, LOSTREV, expected cost or benefit of risks and revenue for
each alternative. These financial values are, in turn, fed back into the operator’s profitability tools, for
evaluation of economic viability and selection of the alternative that best fits with the attitude towards
risk. Optimal production availability for field layouts requires that overemphasis on CAPEX should be
avoided, and it is recommended that this is achieved through long-term partnering between suppliers
and operators, as well as between suppliers and their sub-suppliers. Such long-term relationships
ensure mutual confidence and maturing of the technology together. Early, direct intervention of the
above parties with focus on the overall revenue in a life cycle perspective is advised. This means, for
example, implementing the resulting recommendations as specifications in tender documents.
Specification of performance objectives and requirements are further described in Annex F.
30 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Table B.1 — Production assurance requirements — Process 1
Process Life cycle phase(s)
elements Feasibility Conceptual design Engineering Procurement
Objective Provide tentative Provide production as- Allocate the produc- Ensure that the rel-
production assurance surance requirements tion assurance require- evant manufacturers at
requirements for vari- for the selected asset ments from the concept each level of the supply
ous asset development development option(s) phase to the subsys- chain understand what
options tems, as required reliability is required,
and with which reliabil-
ity standards to comply
Input Alternative asset devel- The selected asset Output from the con- Output from the engi-
opment plans development plan, cept phase neering phase
with the estimated
production availability
formulated as a system
requirement in the
invitation to tender
alternative field layout
configurations
Production availability
analysis
Production Identify additional Initiate estimation of Define and allocateEnsure that the reli-
assurance constraints the production avail- the production assur-
ability requirements
activities ability for the asset ance requirements are included in the
Initiate estimation of
development options to the subsystems, as
tender documents,
the production avail-
required through interfacing
ability for the asset These estimates are
with the procurement
development options aggregated from each This definition is based
organization
specified as input on a main supplier’s scope on the production
system level of supply, as defined by availability analysis Planning, reporting
the asset development and follow-up for the
Planning, reporting Planning, reporting
requirements
and follow-up for the Planning, reporting and follow-up for the
requirements and follow-up for the requirements
requirements
Output Production availability Production availability Subsystem production Subsystem reliability
estimates for the asset estimates for the asset availability require- requirements, includ-
development options development options ments for the selected ing with which reliabil-
specified as input specified as input, allo- option, as required ity standards to comply
cated according to each
Estimated production This includes the Other relevant qualita-
main supplier’s scope
availability for each applied subsystem reli- tive or quantitative
of supply
option, formulated as ability data production assurance
a system requirement Other relevant qualita- requirements
Other relevant qualita-
for the option to be tive or quantitative
tive or quantitative
selected production assurance
production assurance
requirements
Other relevant qualita- requirements
tive or quantitative
production assurance
requirements
B.2 Production assurance planning — Process 2
This process is relevant for all life cycle phases and relates to planning and management of the
production assurance process. The PAP represents the main production assurance management tool.
An overall PAP for an asset may be considered to coordinate or replace separate project PAPs on
lower levels.
© ISO 2018 – All rights reserved 31
ISO 20815:2018(E)
Further requirements for the PAP are described in 4.4 and in Annex A. Production assurance process 2
is described in Table B.2.
Table B.2 — Production assurance planning — Process 2
Process Life cycle phase(s)
elements All
Objective To establish and maintain a PAP (see 4.4) to ensure that the production assurance requirements
are fulfilled
Input Project plans, which are required to schedule the production assurance activities before decisions
are made and after the required information is established
Project risk categorization
Output from process 1 — Production assurance requirements
Output from process 3 — Design and manufacture for production assurance
Output from process 5 — Risk and reliability analysis
Production A PAP should be established and updated for asset development projects. The required contents of
assurance the PAP are the production assurance performance objectives, organization and responsibilities
activities and activity schedules (see Annex A). The core of the production assurance programme defines
the activities required to comply with the constraints (see Figure 4) and the production assurance
requirements (see Clause B.1). I.e. this activity requires scheduling of the tabulated production as-
surance activities for the relevant risk level and project phase. The production assurance activities
should be performed in a timely manner in order to support decisions before they are made
The extent of the production assurance programme (i.e. amount of planned activity) should be
based on the project risk categorization as described in 4.4.2. This means that an asset develop-
ment project defined as high or medium risk normally is comprised of more production assurance
activities than a low-risk project
Output Initial PAP
Updated PAP for later life cycle phases, including the following:
— status and reference to documentation for the scheduled PAP activities;
— documentation of the fulfilment of the production assurance requirements (alternatively,
references to evidence);
— reference to the risk register (see Clause C.2); all mitigating actions arising from the
production assurance programme should be transferred to the risk register for follow-up and
close-out.
Input to process 4 — Production assurance
NOTE A close-out report for production assurance activities upon completion of a project can be
useful, also in organizational learning (see Process 12).
B.3 Design and manufacture for production assurance — Process 3
Systematic identification of potential opportunities for reliability improvement and reduction of
technical and operational risks should be performed during all life cycle phases, except the feasibility
where this process is considered less relevant.
Identification of improvement potentials should be based on observed in-service performance data
(feedback loop, see Figure B.1; see also ISO 14224:2016, Figure 1) and information gathered from
production performance analyses. Improvements can also be made by new technology and associated
technology qualification (see Process 8).
Cost-efficient decisions on what improvements to implement require a good understanding of what
causes business impact (production, operation and HSE).
32 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Production assurance process 3 is about implementing improvements (“feed forward loop”) during
design, manufacture, test and installation and operational phases to drive production assurance, and is
described in Table B.3. See also Figure B.1.
Table B.3 — Design and manufacture for production assurance — Process 3
Process Life cycle phase(s)
elements All (except feasibility)
Objectives Identify the need for improved system reliability performance or reduced risk in a project to ensure
that performance requirements are not compromised
Based on tracking and analysis of performance data, identify and communicate potentials for im-
proved equipment or system reliability or risk reduction to the system or equipment manufacturers
Implement improvements (“feed forward loop”) during design, manufacture, test and installation
and operational phases to meet production assurance objectives and requirements
Inputs Output from process 1: Production assurance requirements
Output from process 5: Risk and reliability analysis (reliability analysis, production availability
and risk identification results)
Output from process 9: Performance data tracking and analysis
Production The specific production assurance and reliability management activities related to this process
assurance are performed within other processes. Communication of the potential reliability improvement or
activities risk-reduction requirements or proposals to the right recipient
Decide production assurance improvements to be implemented by project
Output Reliability improvement or risk reduction proposals
Input to process 2: Production assurance planning
Input to process 11: Management of change
Figure B.1 — Typical feedback (estimation) for reliability improvement in design and
manufacture and feed forward loop (prediction) for actual performance (business model)
B.4 Production assurance — Process 4
This process is relevant for all life cycle phases and relates to the management, follow-up and
documentation of the production assurance process and demonstration that the production
performance requirements are adhered to. Production assurance process 4 is described in Table B.4.
© ISO 2018 – All rights reserved 33
ISO 20815:2018(E)
Table B.4 — Production assurance — Process 4
Process Life cycle phase(s)
elements All
Objective Reporting and follow-up of the production assurance activities to manage and demonstrate the
production assurance process
Input Output from process 1: Production assurance requirements
Output from process 2: Production assurance planning
Output from the production assurance activities (see below)
Production Reliability assurance (management and demonstration) is comprised of reporting and follow-up of
a s s u r a n c e the production assurance activities and should be performed for all the project phases
activities Follow-up of the production assurance process: A follow-up system for production assurance should
be applied to ensure progress of the PAP activities and the resulting actions that are transferred
to a risk register. A risk register or a similar document should be used as a production assurance
demonstration document
Output Production assurance demonstration document, which contains evidence that the production as-
surance requirements are fulfilled
Input to process 7 — Project risk management
B.5 Risk and reliability analysis — Process 5
This process covers the actual performance of the production performance analysis, i.e. risk and
reliability analyses. Production assurance process 5 is described in Table B.5.
It is necessary that optimal technical safety and reliability are designed into new projects and integrated
into the design process through all the design phases. In traditional design processes, technical safety
and reliability aspects are generally not considered until some verification of equipment or components
is required. This is usually too late in the system design process to obtain an optimal design. Hence,
early design for reliability is necessary to support the project development.
The objective is to define a process that can be used to integrate reliability considerations into the
design process, thus representing a pro-active approach.
The feasibility- and concept-phase reliability activities should focus on the optimization of the overall
configuration and identification of the critical subsystems, while attention to the details of critical
subsystems increases in the engineering phase.
34 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Table B.5 — Risk and reliability analysis — Process 5
Process Life cycle phase(s)
elements Feasibility Conceptual design Engineering Operation
Objectives To provide partial To provide partial deci- To provide partial de- To measure actual
decision support for sion support for select- tailed design decision performance against
selecting an asset de- ing an asset configura- support that predicted in pre-
velopment plan, e.g. tion, e.g. ceding phases
— topside or subsea — number and Or also undertaking
solution type of wells and any analysis on subject
manifolds; matters important dur-
— capacity, ing this life cycle phase
pressure rating — number of pumps
and pumping in a pumping
requirements for a station
pipeline system
— number of
— process plant compressors in a
development process plant
solution
Inputs Alternative asset de- Selected asset develop- Selected field layout As-built information
velopment plans ment plan, with the configuration
Detailed recording of
estimated production
Output from process 2: Alternative design system performance
availability formulated
Production assurance solutions, as they arise parameters
as a system require-
planning in the design process
ment in the invitation Output from process 4:
to tender Output from process 4: Production assurance
Production assurance
Alternative field layout
configurations
Output from process 4:
Production assurance
Production The purpose of produc- The purpose of pro- The purpose of pro- The purpose of pro-
assurance tion availability analy- duction availability duction availability duction availability
activities sis in this phase is to analysis in this phase analysis in this phase analysis in this phase
contribute to optimiz- is to contribute to opti- is mainly to verify is to determine if the
ing the asset develop- mizing the field layout compliance with re- operating asset is
ment plan. configuration. quirements, since most meeting the predicted
of the decisions influ- production availability,
The production avail- The production
encing the require- and where necessary
ability for alternativeavailability for 2 or
ments have already provide transparent
asset development 3 alternative layout-
been made. However, insight to sources of
plans should be estab- configuration options
recommendations for degraded performance
lished. should be established.
spare parts should be Interaction also with
Identify such options
The parameters below established. reliability-centred
by varying the param-
are guidance to estab- maintenance (see
eters below:
lish: Clause I.14). Use of pro-
duction performance
analysis support in field
modification projects
(e.g. life time extension,
new tie-in projects; see
Clause I.24).
© ISO 2018 – All rights reserved 35
ISO 20815:2018(E)
Table B.5 (continued)
Process Life cycle phase(s)
elements Feasibility Conceptual design Engineering Operation
— fault tolerance, i.e. — fault tolerance, i.e. A reliability analysis
redundancy; redundancy; technique may be se-
lected (see Annex I)
— proven versus — proven versus
novel solutions; novel solutions;
— flexibility, e.g. — simplicity, e.g.
possibility for minimizing
alternative the number
routings, of required
reconfigurations connections,
and future which are
expansions; potential sources
of failures;
— maintainability,
e.g. minimizing — overcapacity,
the amount e.g. partial
of down time or complete
required for fulfilment of the
maintenance. design intent of
the system in a
degraded mode of
operation;
— flexibility, e.g.
the possibility
for alternative
routings,
reconfigurations
and future
expansions;
— maintainability,
e.g. minimizing
the amount
of down time
required for
maintenance.
The purpose of the The purpose of the The purpose of the
equipment reliability equipment reliability equipment reliability
analysis is to screen analysis is to screen analysis is to screen
the delivery project the delivery project the delivery project
to identify the critical to identify the critical to identify the critical
parts, which are then parts, which are then parts, which are then
studied in more detail studied in more detail studied in more detail
to identify possible to identify possible to identify possible
improvements. improvements. improvements.
A reliability analysis A reliability analysis A reliability analysis
technique may be se- technique may be se- technique may be se-
lected (see Annex I) lected (see Annex I) lected (see Annex I)
36 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Table B.5 (continued)
Process Life cycle phase(s)
elements Feasibility Conceptual design Engineering Operation
Output Production availability Production availability Production availability Tracking and report-
estimates for the op- estimates for the op- estimates for the op- ing of operational
tions specified as input tions specified as input tions specified as input. production availability
against predicted per-
Identified risks (for Identified risks (for Identified risks (for
formance.
transfer to the risk reg- transfer to the risk reg- transfer to the risk reg-
ister; see Clause C.2) ister; see Clause C.2) ister; see Clause C.2) Identified or predicted
risks (for transfer to
the risk register; see
Clause C.2)
B.6 Verification and validation — Process 6
The main objective of this process is to ensure that the implemented solution is in compliance with
the requirements in the production assurance programme. The production assurance verification and
validation process has an important interface with the design review and other technical verification
activities in the sense that the production assurance aspects should be addressed in the review.
However, the design review process itself is normally the responsibility of engineering departments.
Production assurance process 6 is described in Table B.6.
Table B.6 — Verification and validation — Process 6
Process Life cycle phase(s)
elements Feasibility, conceptual design and engineeringa
Objective To ensure that the implemented production performance is in compliance with the requirements
in the PAP
Input Output from process 4: Production assurance
Output from process 7: Project risk management
Production The production assurance verification process comprises document control and design review. The
assurance essence of the document control is to check that the assumptions, selected methods, input data,
activities results and recommendations are reasonable
The production assurance validation process comprises a final check of the predicted/ implemented
production performance versus the requirements in the PAP. The essence of the validation is to check
that all the activities scheduled in the PAP are completed and that all entries in the risk register
are closed out
Compliance with the ISO 9000 series is regarded as an alternative fulfilment of the verification and
validation process
Output PAP updates including reference to the closed-out activities and actions in the risk register
a Installation, commissioning and operation are covered in process 9 (see Clause B.7).
B.7 Performance data tracking and analysis — Process 9
This process covers the complementary parts of process 6 (Verification and validation) in the sense
that it represents the ‘verification’ and ‘validation’ of the production performance during installation,
commissioning and operation. Production assurance process 9 is described in Table B.7.
© ISO 2018 – All rights reserved 37
ISO 20815:2018(E)
Table B.7 — Performance data tracking and analysis: Process 9
Process Life cycle phase(s)
elements Installation and commissioning Operation
Objective Prepare for collection and analysis of perfor- Collect and analyse operational performance data
mance data to identify possible improvement potentials and
to improve the data basis for future production
assurance and reliability management activities
Input System descriptions from the engineering phase Inventory models
Performance records (e.g. from maintenance
management systems)
Production Prior to the operation phase, equipment inventory During operation, performance data should be col-
assurance models should be established to enable the start lected continuously or at predetermined intervals.
activities of performance tracking (data collection) and Analysis of the collected data should be undertaken
analysis. Reference is made to ISO 14224:2016 for regularly to identify reliability improvement and
performance data tracking and analysis recom- risk reduction potentials
mendations
Furthermore, collection of performance data
relating to the installation process itself should
be considered to identify potentials for future
installation performance improvements
Output Inventory models Operational performance data
Installation performance data Input to process 3: Design and manufacture for
production assurance
Input to process 10: Supply chain management
Input to process 12: Organizational learning
Failures occurring on equipment during fabrication and detected during acceptance testing (e.g. FAT,
SAT and SIT) is also important to assess, see also ISO 14224:2016, 5.2.
Production assurance activities (e.g. production performance analysis) can reveal the need for
reliability data that can require data collection in accordance with ISO 14224:2016.
Collection and analysis of performance data is further described in Annex E. Furthermore, Annex G
provides examples of performance measures that can be tracked and analysed.
NOTE Data qualification is part of process 5: Risk and reliability analysis.
38 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Annex C
(informative)
Interacting production assurance processes and activities
C.1 General
The interacting processes described in this annex are not included in the responsibility of the
production assurance discipline. However, these interacting processes are required in order to achieve
the required production performance.
C.2 Project risk management — Process 7
All mitigating actions arising from the production assurance programme should be linked to or
transferred to the risk register for follow up and close out, in order to have only one register for all
kinds of risks. This transferral is the responsibility of the production assurance discipline. See also
ISO 31000:2018 and ISO 17776:2016.
The risk register and the PAP are information carriers and decision tools with regards to risk.
Interacting process 7 is described in Table C.1.
Table C.1 — Project risk management — Process 7
Process Life cycle phase(s)
elements All
Objective The objective of project risk management is to ensure that all risk elements capable of jeopardizing
the successful execution and completion of a project are identified and controlled/mitigated in a
timely manner
Input Transferred action items from all the production assurance processes
Production Follow-up and close-out of all actions transferred from the production assurance processes
assurance
activities
Output Risk register
C.3 Qualification and testing — Process 8
The objective of this testing versus production assurance is to ensure that adequate functionality and
acceptable robustness against dominating failure modes for critical technology items is demonstrated
through the qualification test program.
Interacting process 8 is described in Table C.2. This process addresses qualification and testing where
typically a technology qualification programme (TQP) has been established (see DNVGL-RP-A203:2017
and API RP 17N:2017), but some of the principles can apply for fabrication and assembly testing (e.g.
FAT and SAT) for other equipment deliveries not subject to technology qualification.
The validation of proven technology (TRL 7, ref. Table I.8 in Clause I.21) will also use operating
experience as achieved in Process 9, and associated reliability data as defined in ISO 14224:2016.
© ISO 2018 – All rights reserved 39
ISO 20815:2018(E)
Table C.2 — Qualification and testing — Process 8
Life cycle phase(s)
Process
elements Conceptual design Engineering Procurement and fabrica-
tion/assembly/testing
Objective Identify the technology items Ensure that acceptable robust- Ensure that acceptable robust-
requiring qualification testing ness against dominating failure ness against dominating failure
modes for critical technology modes for critical technology
items is demonstrated through items is demonstrated through
the qualification test program the qualification test program
Input Scope of supply Output from process 5: Output from process 5:
Design basis Output from equipment reliabil- Output from equipment reliabil-
ity analysis ity analysis.
Output from production avail- Output from production avail-
ability analysis ability analysis.
The reliability processes should The reliability processes should
identify the relevant failure identify the relevant failure
modesa for the technology modesa for the technology items
items tested and communicate to be tested and communicate
this to the engineering organi- this to the engineering organi-
zation that is responsible for zation through the risk register,
establishing the test program which is responsible for estab-
through the risk register lishing the test program
Production Identifying the technology Establish qualification proce- Establish qualification proce-
assurance items requiring qualification dures dures
activities testing by technology nov-
Perform testing Perform testing
elty scoring (see Table I.8 in
Clause I.21) Establish qualification test Establish qualification test
reports reports
Output List of technology items requir- The engineering organization The engineering organization
ing qualification testing should communicate the test should communicate the test
results regarding the relevant results regarding the relevant
failure modes to the produc- failure modes to the produc-
tion assurance discipline. The tion assurance discipline. The
reliability value by new qualified operational preparedness for
technology should also be part use of new qualified technology
of qualification testing reporting should also be part of qualifica-
tion testing documentation
a The evaluation of relevant failure modes should also consider operational experience of similar components in addition
to the lab/qualification test results in order to catch possible failure events that are more closely associated with some
particular operational conditions and/or procedures and, normally, not revealed by lab tests.
Reliability testing techniques are used in qualification testing and various techniques (e.g. accelerated
life testing) are further described in Clause I.9.
C.4 Supply chain management — Process 10
The main purpose of this interacting process is to ensure that manufacturers at each level of the supply
chain are aware of and understand the specified reliability requirements and take appropriate actions
to increase the probability that the specified requirements can be achieved.
Interacting process 10 is described in Table C.3.
40 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Table C.3 — Supply chain management — Process 10
Process Life cycle phase(s)
elements Procurement Operation
Objective Ensure that manufacturers at each level of the Analyse collected data regularly to identify reli-
supply chain understand the reliability require- ability improvement potential.
ments and take appropriate actions to increase
Ensure that manufacturers take appropriate actions
the probability that the specified requirements
to increase the probability that the improvements
can be achieved
can be achieved.
Input Output from process 1: Production assurance Output from process 1: Production assurance
requirements (with respect to equipment design requirements (with respect to evaluating/ moni-
and equipment delivery) toring equipment performance)
Output from process 5: Risk and reliability analysis Output from process 5:
Output from process 9: Performance data tracking Risk and reliability analysis
and analysis
Output from process 9:
Performance data tracking and analysis
Production Ensure that reliability requirements are addressed Ensure that reliability requirements are addressed
assurance in the supply chain in the supply chain
activities
Output Distributed reliability requirements for the sup- Distributed reliability requirements for the sup-
ply chain ply chain
Information for spare parts evaluation
C.5 Management of change — Process 11
The engineering discipline is responsible for technical changes.
The objective of the management of change process versus the production assurance is to ensure that
no changes compromise the production assurance requirements. The consequence of this is that a risk
assessment versus the production assurance is required.
The impact of changes should be qualitatively assessed as part of project risk management to determine
the level of effort required to analyse the impact. The outcome of this assessment can typically be
— no activities, for changes with minor risk impact versus the production assurance;
— design review, for changes with medium risk impact versus the production assurance;
— equipment reliability and/or production availability analysis, for changes with a high risk impact
versus the production assurance.
The assessment of the impact on the production assurance from the changes should normally be
an integrated part of the design review. Hence, the design review form should include a production
assurance checkpoint (e.g. the impact on production availability from the change).
However, if the risk of compromising the production assurance is deemed high, the equipment reliability
and/or production availability analysis should be updated/initiated.
Interacting process 11 is described in Table C.4.
© ISO 2018 – All rights reserved 41
ISO 20815:2018(E)
Table C.4 — Management of change — Process 11
Process Life cycle phase(s)
elements All (except feasibility)
Objective To ensure that no changes compromise the production assurance requirements
Input Output from process 1: Production assurance requirements
Output from process 3: Design and manufacture for production assurance
Description of the change
Production Assess production assurance impacts from changes, e.g. during design reviews
assurance
activities
Output Input to process 7: Input to or update of the risk register
Performance impact assessments resulting from changes
Initiation of the equipment reliability and/or production availability analysis
C.6 Organizational learning — Process 12
The purpose of the interacting process “organization learning” in a production assurance perspective
is to communicate positive and negative experiences related to reliability and production performance
from previous asset development projects to reduce the likelihood that product and process failures of
the past are repeated. The process is considered relevant for all life cycle phases.
Lessons learned can include human factors issues; see I.10. The production assurance process will
demonstrate that these lessons are considered in new designs, modifications and in revisions to
existing processes and procedures.
EXAMPLE If one builds a gym on top of the sleeping area in the accommodation and the sound is transmitted
through the floor, people could be kept awake by those on the other shift using the gym. This increases the
possibility of fatigue, a negative performance shaping factor. This problem can be brought to light by complaints.
Use the feedback to avoid this problem in subsequent designs.
Interacting process 12 is described in Table C.5.
Table C.5 — Organizational learning — Process 12
Process Life cycle phase(s)
elements All
Objective To ensure that product and process failures of the past is not repeated
Input Lessons learnt during previous projects
Output from process 9: Performance data tracking and analysis
Production The responsibility of the production assurance and reliability management function in projects is to
assurance participate in reviews of lessons learnt and other relevant experience transfer
activities
Furthermore, relevant lessons learnt in one project should be transferred into future projects
Output Lessons learned (positive and negative)
Risk register
42 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Annex D
(informative)
Production performance analyses
D.1 General
Production performance analyses should be planned, executed, used and updated in a controlled and
organized manner.
Production performance analyses should provide a basis for decisions concerning the choice of
solutions and measures to achieve an optimum economy within the given constraints. This implies that
the analysis should be performed at a point in time when sufficient details are available to provide
sustainable results. However, results should be presented in time for input to the decision process.
Production performance analyses should be consistent and assumptions and reliability data traceable.
Suitable analysis tools, calculation models, data and computer codes that are acceptable to the involved
parties should be chosen. Be aware that analysis tools and calculation models are under constant
development.
Recommendations given in this annex apply to the production performance analyses of complete
installations, but can also apply to reliability and availability analyses of components/systems with
obvious modifications.
Reporting of production performance analysis results should be at the relevant taxonomy level as
outlined in the Figure D.1. Production availability for entire production facility is typically reported
at taxonomic levels 3 - 4, whilst production unavailability can be reported to reflect production loss
impact from items on underlying taxonomic levels 5-9 when the analysis has a smaller scale focus. See
further description in this annex.
© ISO 2018 – All rights reserved 43
ISO 20815:2018(E)
NOTE This is a reproduction of ISO 14224:2016, Figure 3.
Figure D.1 — Taxonomy classification with taxonomic levels
Figure D.2 illustrates the framework for this document. Collection of equipment reliability and
maintenance data is an important basis for production performance analysis. This topic is addressed in
ISO 14224:2016. These data are further treated and analysed to establish failure rates, repair time, etc.,
typically on equipment, subunit or component level (taxonomy levels 6 - 8, see Figure D.1). Smaller scale
availability assessments may be done at equipment level, e.g. as a function of component reliability
and maintainability. In this case, only (time-based) availability is assessed without considering the
(volumetric) production. It is also common to perform such availability analyses at system, plant or
installation level (taxonomy levels 3 - 5, see Figure D.1). If production volume is not considered, such
analyses may be performed with traditional reliability block diagrams (RBD) or fault tree analyses
(FTA). More information about these techniques is included in Clauses I.3 and I.4. ISO/TR 12489:2013
addresses reliability modelling and calculation of safety systems also applicable for non-safety systems,
but does generally not focus on production assurance.
44 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Figure D.2 — Illustration of different analyses on various taxonomy levels
Production forecasting or production availability analyses are typically assessments of plant/unit or
installation performance (taxonomy levels 3 and 4, see Figure D.1), as a function of equipment reliability
performance of smaller units like equipment or components (taxonomy levels 6 - 8, see Figure D.1).
For production systems, it is important to consider the production itself combined with the equipment
availability. The consequences of equipment unavailability depend on factors such as capacity,
production profiles, demands and buffers, setting the availability into the context of production
performance. This is the primary focus of this document. The term “production” in this case is used
in the broadest sense, and could cover e.g. drilling, workover and intervention activities, as well
as the actual oil/gas production or gas/water injection. As Figure D.2 illustrates, it should also be
noted that production performance can be put in a larger context where the complete economy of the
production life is considered through life cycle cost (LCC) analysis. Thus, analyses performed according
to this document give valuable input to LCC, which is covered in the ISO 15663:2001 (all parts) and
ISO 19008:2016. See also Figure 2.
D.2 Planning
D.2.1 Objectives
The objectives of the analyses should be clearly stated prior to any analysis. Preferably, objectives can
be stated in a production assurance activity plan as a part of the PAP structure. Objectives can be to:
— verify production assurance objectives or requirements;
— identify operational conditions or equipment units critical to production assurance;
— predict production availability, deliverability, availability, reliability, etc.;
— identify technical and operational measures for performance improvement;
— compare alternatives with respect to different production assurance aspects;
— enable selection of facilities, systems, equipment, configuration and capacities based on economic
optimization assessments;
— provide input to other activities, such as risk analyses or maintenance and spare-parts planning.
D.2.2 Production performance analysis information
The system for analysis should be defined, with necessary boundaries relative to its surroundings.
An analysis of a complete production chain can cover reservoir delivery, wells, process and utilities,
product storage, re-injection, export and tanker off-take.
© ISO 2018 – All rights reserved 45
ISO 20815:2018(E)
Operating modes for inclusion in the analysis should be defined. Examples of relevant operating modes
are start-up, normal operation, operation with partial load and run-down. Depending on the objective
of the analysis, it can also be relevant to consider testing, maintenance and emergency situations. The
operating phase or the period of time for analysis should also be defined.
The performance measures predicted should be defined. In production availability and deliverability
predictions, a reference level that provides the desired basis for decision-making should be selected.
It should also be decided whether to include the production performance effect from turnarounds (see
ISO 14224:2016, 3.94), as well as those major accident type of events normally identified and assessed
with respect to safety in risk analyses.
The analysis methodology for use should be decided on the basis of study objectives and the predicted
performance measures.
D.3 Procedure
D.3.1 Preparation
A review of available technical documentation should be performed as the initial activity, as well as
establishing liaison with relevant disciplines. Site visits can be performed and are recommended in
some cases.
All input documentation should be reviewed, liaison with relevant disciplines should be established,
and sites should be visited, if necessary.
D.3.2 Study basis
The documentation of study basis has two main parts: system description and reliability data.
The system description should describe, or refer to documentation of, all technical and operational
aspects that are considered to influence the results of the production performance analysis and that
are required to identify the system subject to the analysis, e.g. design basis, piping and instrumentation
diagrams, process flow diagrams, operation and maintenance strategies, reliability data, maintainability
data, equipment data (e.g. capacities), cause and effect matrices, production profiles.
Reliability data should be documented. A reference to the data source should be included. Reference can
be made to engineering or expert judgement, but an historically based data estimation should be used
if one can be determined.
The basis for quantification of reliability input data should be readily available statistics and system/
component reliability data, results from studies of similar systems or expert/engineering judgement.
Performance and operability review (POR) sessions can be used to predict plant-specific down times. In
the analysis, the approach taken for reliability data selection and qualification should be specified and
agreed upon by the involved parties.
D.3.3 Model development
The model development includes the following activities:
— functional breakdown of the system;
— evaluation of the consequences of failure, maintenance, etc., for the various subparts;
— evaluation of events for inclusion in the model, including common-cause failures;
— evaluation of the effect of compensating measures, if relevant;
— model development and documentation.
46 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
D.3.4 Analysis and assessment
D.3.4.1 Performance measures
Various performance measures may be used to evaluate the performance of the object subject to
analysis; see Clause G.1. Production availability and deliverability (whenever relevant) are the most
frequently used measures. Depending on the objectives of the production performance analysis, the
project phase and the framework conditions for the project, the following additional performance
measures may be used:
— proportion of time or number of times production (delivery) is equal to or above demand (demand
availability);
— proportion of time or number of times production (delivery) is above zero (on-stream availability);
— proportion of time or number of times the production (delivery) is below demand;
— proportion of time or number of times the production (delivery) is below a specified level for a
certain period of time;
— proportion of time production (delivery) is below planned production (production unavailability)
for specified increments of time;
— number of days with a certain production loss;
— resource consumption for repairs;
— availability of systems/subsystems;
— technical availability or operational availability.
As a predictor for the performance measure, the expected (mean) value should be used. The uncertainty
related to this prediction should be discussed and, if possible, quantified (see D.3.7).
Annex G provides a guide on the elements for inclusion in the performance measure for predictions and
for historical performance reporting.
D.3.4.2 Sensitivity analyses
Sensitivity analyses should be considered to take account of uncertainty in important input
parameters, such as alternative assumptions, variations in failure and repair data or alternative system
configurations.
D.3.4.3 Importance measures
In addition to the performance measure, a list of critical elements (e.g. equipment, systems, operational
conditions and compensatory means) should be established. This list assists in identifying systems/
equipment that should be considered for production assurance and reliability improvement.
There is a large number of component importance measures in literature on reliability theory, which
can be used to establish such lists. Many of these are developed to measure importance in safety
systems but can work in any traditional system availability analysis, typically performed by RBD or
FTA. When production is considered, most of the common importance measures in reliability theory are
not suited, but for several of these, it is possible to make only small adjustments in order to adapt them
to production performance analysis. For instance, the Birnbaum measure, as described in Reference[76]
can be interpreted as the difference in system state when the component is functioning and when it is
not functioning. By considering the difference in production when the component is functioning or not,
a slight variant of the Birnbaum measure can be used in production performance analyses.
Software tools for production performance analysis usually include some kind of importance measure
algorithm. Such algorithms can be linked to importance measures in reliability theory, but have a more
© ISO 2018 – All rights reserved 47
ISO 20815:2018(E)
practical approach. A common concept is the evaluation of the component’s contribution to production
loss or unavailability. Some pitfalls related to this measure and its interpretation is addressed in
Reference[78] which also gives an interpretation of the covariance between system and component
suited for production systems. There are also other importance measures developed more specifically
for multi-state production systems, e.g. in Reference[75].
D.3.5 Reporting and recommendations
The various steps in the production performance analysis, as described in D.3.1 to D.3.4, and all
assumptions should be reported.
The appropriate performance measures should be reported for all alternatives and sensitivities.
Recommendations identified in the analysis should be reported. A production assurance management
system should be used to follow up and decide upon recommendations. Recommendations can
concern design issues or further production performance analyses/assessments. In the latter case, the
interaction with the PAP is evident. Furthermore, recommendations can be categorized as relating to
technical, procedural, organizational or personnel issues. Recommendations can also be categorized by
whether they affect the frequency or the consequence of failures/events.
D.3.6 Major accidents and rare long duration events
Production assurance activities like production availability analysis or system availability analysis
will normally analyse and quantify the risk of identified failure and consequences like production
unavailability or system unavailability, whereof some can be due to infrequent and/or serious events
with long production and/or system down time. These could be classified as:
— Type A: Major accidents (see 3.1.32) caused by various type of hazardous events (see Annex H);
— Type B: Infrequent critical equipment failures with long production and/or system down time. Such
events are not considered to be major accident even though long production or operational down
time can result.
These events should be distinguished from the more frequent events, which are considered in analyses
of production availability and deliverability. The expected value contribution from such event is
normally a rather small quantity, which is an unrepresentative contribution to the production loss.
If the event occurs, the actual loss would be large and this could mean a dramatic reduction in the
production availability or deliverability.
Concerning type A, the consequences for production as a result of major accidents in production and
transportation systems are normally considered in the quantitative risk analysis (QRA). The results
from such analysis can be included in the production performance analysis report in order to show all
production loss contributors, and for overall risk management purposes. The use of production loss
category G2 in Table G.1 or production loss category E2 in Table G.4 can be relevant to reveal such
events in the overall analysis results.
Concerning type B, the probability of occurrence of these events and the production consequences
can be part of the analysis model, depending on analysis approach (see e.g. I.5.2). The handling of such
events should be addressed in the analysis and possible uncertainty in results arising from such events
should be mentioned (see D.3.7).
Additional guidance is given in Annex H.
D.3.7 Handling of uncertainty
The uncertainty related to the value of the predicted performance measure should be discussed and,
if possible, quantified. The quantification can have the form of an uncertainty distribution for the
performance measure or a measure of the spread of this distribution (e.g. standard deviation, prediction
interval).
48 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
The main factors causing variability (and hence uncertainty in the predictions) in the performance
measure should be identified and discussed. Also, factors contributing to the uncertainty as a result of
the way the system performance is modelled should be covered.
Importance and sensitivity analyses can be carried out to describe the sensitivity of the input data used
and the assumptions made (see e.g. Reference[83]).
Where stochastic random sampling techniques are applied in production availability analyses,
corresponding mean values along with mean (p50), upper and lower bound (p10 and p90) values should
be reported. See also I.5.2.
© ISO 2018 – All rights reserved 49
ISO 20815:2018(E)
Annex E
(informative)
Reliability and production performance data
E.1 Collection of reliability data
E.1.1 General
Systematic collection and treatment of operational experience is considered an investment and a
means for improvement of production and safety critical equipment and operations. The purpose of
establishing and maintaining databases is to provide feedback to assist with the following:
— product design;
— current product improvement;
— establishing and calibrating the maintenance and the spare-parts programmes;
— condition-based maintenance;
— identifying contributing factors to production unavailability;
— improving confidence in predictions used for decision support.
E.1.2 Equipment boundary and hierarchy definition
A clear boundary description is imperative, and a strict hierarchy system should be applied.
Boundaries and equipment hierarchy should be defined according to ISO 14224:2016, Annex A. Major
data categories are defined as follows:
— installation data: description of installation from which reliability data are collected;
— inventory data: technical description of equipment, plus operating and environmental conditions;
— failure data: failure-event information, such as failure mode, failure impact, failure cause, etc.;
— maintenance data: corrective-maintenance information associated with failure events, and planned
or executed preventive maintenance event information.
E.1.3 Data analysis
To predict the time to failure (or repair) of an item, a probability model should be determined. The
type of model depends on the purpose of the analysis. An exponential lifetime distribution can be
appropriate. The model, if it is expected to delineate a trend, should allow the use of a time-dependent
failure rate.
The establishment of a failure (or repair) time model should be based on the collected reliability data,
using standard statistical methods.
E.2 Qualification and application of reliability data
The establishment of correct and relevant reliability data (i.e. failure and associated repair/down time
data) requires a data-qualification process that involves conscious attention to the original source
of data, interpretation of any available statistics and estimation method for analysis usage. Suitable
50 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
reliability data management and coordination are needed to ensure reliability data collection for
selected equipment and consistent use of reliability data in the various analyses.
Selection of data should be based on the following principles.
— Data should originate from the same type of equipment and, if possible, originate from identical
equipment models.
— Data should originate from equipment using similar technology.
— Data should originate from periods of stable operation, although early-life or start-up problems
should be given due consideration. This also includes data from testing and inspection during the
operation (see Figure 6 in ISO 14224:2016).
— Data should, if possible, originate from equipment that has been exposed to comparable operating
and maintenance conditions.
— Data from laboratory testing, e.g. accelerated lifetime testing and reliability testing during
technology development and technology qualification. In addition, data from performance testing
prior to operation (e.g. FAT and SIT). Such pre-operational data should normally be entitled ‘pre-
operational/ test reliability data’, as opposed to actual field operating experience.
— The basis for the data used should be sufficiently extensive.
— The number of inventories and failure events used to estimate or predict reliability parameters
should be sufficiently large to avoid bias resulting from “outliers”.
— The repair time and down time data should reflect site specific conditions.
— The equipment boundary for the originating data source and analysis element should match as far
as possible (study assumptions should otherwise be given).
— Population data (e.g. accumulated operating time, observation period) should be indicated to reflect
the statistical significance (uncertainty related to estimates and predictions) and the “technology
window”.
— Data sources should be quoted.
Data from event databases (compliant with ISO 14224:2016) provide a relevant basis for meeting these
recommendations. In case of scarce data, it is necessary to use engineering judgement and to do a
sensitivity analysis of input data.
E.3 Production performance data
Production performance data at facility/installation level should be reported in such a way that
systematic production assurance can be carried out. The type of installation and operation determines
the format and structure of performance reporting. Annex G outlines the types of events that are
important to cover for a production facility. It is necessary to establish the relationship between facility-
performance data and critical-equipment reliability data. Assessment of actual performance should
be carried out by the installation operator on a periodic basis in order to identify specific trends and
issues requiring follow-up. The main contributors to performance loss and areas for improvement can
be identified. In this context, reliability techniques can be used for decision-support and calibration of
performance predictions. Comparisons with earlier performance predictions should be done, thereby
gaining experience and provide feedback for future and/or other similar performance predictions.
When reporting production loss, the failure reporting in computerized maintenance management
information system (CMMIS) for the associated equipment, which cause production loss, should apply
ISO 14224:2016 to enable linkage between production critical equipment failure and production loss.
© ISO 2018 – All rights reserved 51
ISO 20815:2018(E)
Annex F
(informative)
Performance objectives and requirements
F.1 General
The specification of production assurance objectives and requirements can be considered for system
design, engineering and purchase of equipment, as well as for operations in defined life cycle periods. In
this respect, IEC 60300-3-4:2007 should also be considered.
In addition, provisions of this annex can be applied when specifying production assurance objectives in
documentation for scope of work, invitation to tender (ITT), etc.
F.2 Specifying production assurance
The purpose of specifying production assurance is to ensure correct handling of safety and production
assurance aspects and to minimize economic risk. The cost of design, production and verification of
the system with a specified level of reliability or production assurance should be considered prior to
stating such production assurance requirements.
Quantitative or qualitative objectives/requirements may be specified. Requirements should be realistic
and should be compatible with the technological state of the art. It should be stated whether the
specification is an objective or a requirement.
High attention should be given to establish well defined and unambiguous reliability objectives and
requirements, enabling suppliers to design reliability into their supplied systems as early as possible in
the project phase.
a) The goals and requirements within a production assurance specification should include, but not be
limited to the following:
— limitations and boundaries;
— application of the system;
— faults, failure modes, and planned/unplanned down time;
— definition of the period of time for which the production assurance requirements apply (e.g.
from first oil and to the end of design life);
— operating conditions and strategies;
— environmental conditions;
— maintenance conditions and strategies;
— methods intended for application to verify compliance with the production assurance
requirements;
— when numerical production assurance requirements are specified, the corresponding
confidence levels should be specified;
— definition of non-conformance to the requirement;
— how non-conformance should be handled.
52 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
b) Quantitative requirements may be expressed on the basis of performance measures, such as the
following:
— production availability (or production unavailability);
— system availability (or system unavailability);
— technical availability (or technical unavailability);
— operational availability (or operational unavailability);
— reliability (survival probability at time t of an item);
— time to failure;
— active repair time;
— preparation and/or delay (e.g. mobilization time for spare parts);
— repair workshop cycle time.
c) Qualitative requirements may be expressed in terms of any of the following:
— design criteria for the product;
— system configuration;
— inherent safety (acceptable consequence of a failure);
— production assurance activities to be performed.
Suppliers meet a variety of reliability requirements ranging from component level, all the way to the
overall field level as presented in Figure F.1. The reliability requirements can be a mix of operator/
project specific requirements combined with references to applicable standards and practices. This
situation can result in ambiguity and lack of consistency and standardisation, and can potentially
reduce the value of the production assurance activities, and should therefore be properly managed by
applying the principles in this document.
© ISO 2018 – All rights reserved 53
ISO 20815:2018(E)
Figure F.1 — Typical reliability requirements — Subsea application example
F.3 Verification of requirement fulfilment
Implicitly, as a result of specifying reliability requirements, the suppliers and operators are expected
to provide documentary evidence that the equipment performance is monitored (ref. Process 9 in
Clause B.7) to assess if required reliability is in practice.
The method of verification of requirement fulfilment should be stated. Verification can be by:
— field or laboratory testing;
— analysis;
— field performance evaluation after delivery;
— documented relevant field experience.
The reliability requirements should as far as practicable be expressed in measurable terms, such that
analytical methods can be used to make judgements on reliability achievement.
Data for calculations should be based on recognized sources of data, such as the results obtained from
operational experience on similar equipment in the field or from laboratory tests. The classification of
reliability data sources in ISO 14224:2016, Table D.5 should be applied. The reliability data should be
agreed between the supplier and the customer.
Considerations should be given to confidence levels and uncertainty in the results, reference is made to
D.3.7 for uncertainty considerations.
Annex E in ISO 14224:2016 provides a list of KPIs that can be relevant for use when defining and in
follow-up of performance objectives and requirements.
54 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
F.4 Safety and environmental considerations
Safety systems have a vital function in petroleum, petrochemical and natural gas industries where such
systems range from simple mechanical safety devices to safety instrumented systems. Safety systems
contribute to meet HSE objectives and requirements, but can also affect production and operations.
Reliability objectives and requirements for safety systems and functions may be defined as part of
the activities described in this annex. HSE related international standards such as ISO 13702:2015,
ISO 15544:2000 and ISO 17776:2016 can be relevant. Reference is made to IEC 61508-1:2010 and
IEC 61511-1:2016 for a description of a framework for specification and management of functional
safety requirements (SIL requirements) for safety systems. Guidance is also provided in Reference[72].
Reference is also made to Annex F in ISO 14224:2016 for aspects related to reliability data for safety
systems, and to ISO/TR 12489:2013 that provides guidance to reliability modelling and calculation of
safety systems. Both documents are essential with respect to realization of safety requirements.
© ISO 2018 – All rights reserved 55
ISO 20815:2018(E)
Annex G
(informative)
Performance measures for production availability
G.1 General
Performance measures for production availability are used in analyses for prediction or planning, as
well as for the reporting of historical performance in the operational phase. The performance measures
include the effect of down time caused by a number of different events. It is imperative to specify in
detail the different type of events and whether they should be included or excluded when calculating
the performance measure. This annex provides a guide to this subject in order to achieve a common
format for performance predictions and reporting among field operators.
Various detailed production-reporting systems exist, but the one selected should enable comparable/
exchangeable field reporting as indicated below.
For a typical hydrocarbon production facility, the following measures can be of interest for predictions
as well as for historical reporting:
a) Production (un)availability of oil for storage or for export, measured at the exit of the process
facility.
b) (Un)availability (time-based) or production (un)availability (volume-based) of water injection.
One can, in addition, estimate the production (un)availability of the production system, taking into
account the production unavailability of water injection.
c) (Un)availability (time-based) or production (un)availability (volume-based) of gas injection. One
can, in addition, estimate the production (un)availability of the production system, taking into
account the production unavailability of gas injection.
d) (Un)availability (time-based) or production (un)availability (volume-based) of utility systems.
One can, in addition, estimate the production (un)availability of the production system, taking into
account the production unavailability of the utility systems.
e) Production (un)availability of gas for export, measured at the exit of the process facility.
f) Production (un)availability of gas for export according to contractual requirements (e.g.
variable contractual nomination) and evaluation of penalties due to failure to fulfil contractual
requirements.
g) Deliverability of gas export, measured at the delivery point and including the effect of compensating
measures.
h) Production (un)availability of the subsea installation in isolation without considering downstream
elements.
i) Loading availability; measured offshore or onshore.
j) On-stream (production) availability; fraction of time the flow out of the system exceeds zero.
k) Demand availability; fraction of time the flow out of the system satisfies demand.
l) (Un)availability of the process facilities in isolation.
m) (Un)availability of gathering or exporting hydrocarbon/petrochemical network (volume-based).
56 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
n) Mean volume of flared gas according to various flaring policies.
o) Top ten contributors to losses with relative values.
Depending on the objective of the study, the above result parameters may be annually established
based on the production profile or for only a specific production period, e.g. the production-plateau
period, first year, maximum-water-production period, etc.
The uncertainty related to the value of the predicted performance measures should be discussed and, if
possible, quantified. For details, see D.3.7.
An illustration of the relationship between some production assurance terms is shown in Figure G.1.
Figure G.1 — Illustration of the relationship between some time-based and volume-based
production assurance terms
G.2 Production availability
G.2.1 Volume-based performance measures
Production availability (and deliverability), PA(T1,T2) over a time interval [T1, T2] is a performance
measure based on volume as defined in Formula (G.1).
VP (T1 ,T2 )
PA (T1 ,T2 ) = (G.1)
VR (T1 ,T2 )
where
VP(T1,T2) is the produced volume over [T1, T2];
VR(T1,T2) is a reference production volume over [T1, T2].
Various types of performance reference measures may be chosen to enable the prediction of reporting
of production availability. Ideally, the same reference level as used in production availability analyses
phases should also be used when reporting historical production availability during the operational
© ISO 2018 – All rights reserved 57
ISO 20815:2018(E)
phase, the latter is typically production efficiency (see 3.1.46, Note 4 to entry). Some alternative
reference measures are given in G.2.2 to G.2.6.
If the reference measures vary throughout the time (see cases G.2.2, G.2.5 and G.2.6), then:
— The estimated produced volume cannot be greater than the reference profile on average over
the time interval basis (daily, monthly, yearly, etc.). In practice, this means that the calculation
assumes that it is not possible to recover the production lost over the plateau period by using the
overcapacity of the system under study when the reference production volume declines. However,
regaining some production loss may be allowed given design capacity is not exceeded by producing
above planned production levels for a limited time period, and the use of production availability
estimation techniques can then reflect this.
— For a profile given on a yearly basis over 20 years, for example, the average of the estimated yearly
production availability values (approach A-yearly average) is not equal to the overall production
availability value estimated over the entire calculation period (approach B-lifetime average).
Indeed, the “arithmetic” average of the estimated yearly values considers that each yearly value
has the same weight within the final average whatever the reference production volume; whereas
the “volumetric” production availability over the entire calculation period gives more weight to the
years with a high reference production volume (i.e. the plateau period). Because both approaches
are correct, it is very important to clearly define from the start which final production availability
value has to be assessed, and to document the selected approach in the results.
— A third approach C can be to predict production availability for only one typical year in the lifetime,
e.g. in plateau period, to be representative for the analysis.
When presenting results of production availability analyses, it is recommended that the mean value
be presented together with the probabilistic distribution values to indicate the potential up- and
downside range.
G.2.2 Contracted volume
If there is a sales contract, the contracted volume is the preferred reference level. The contracted
volume may be specified with seasonal variations (swing). In that case, the swing profile should be
used as the reference level. The contracted volume may also be specified as an average over a period of
time, where the buyer nominates the daily supplies at some time in advance. When reporting historical
production availability or deliverability, the reference-level volume should be the actual nominated
volumes (it should be stated whether these nominations are, e.g. daily, weekly, monthly or yearly based).
In a prediction, a distribution of volumes reflecting the foreseen variations in the nominated volumes
should be used, but the ability of the facilities to deliver the maximum quantity should also be assessed.
G.2.3 Design capacity
The design capacity of the facility may be used as a reference level. This can be an appropriate
reference level when only a part of the production chain, e.g. a process facility, is subject to analysis.
The design capacity is easily available at an early phase in a project. A limitation is that production
can be restricted by factors outside the system boundaries (e.g. well potentials), which can lead to
misleading conclusions. Therefore, it is important to understand how oil or gas export depends on time-
variable capacity limitations in the process design functions, such as oil treatment, gas processing,
water treatment, gas injection, water injection, etc.
G.2.4 Well-production potential
The well-production potential may be a reference level, if it is less than the design capacity. This is
especially the case during the production-decline period, but can also be the case in the production
ramp-up period. It should be kept in mind that reservoir simulations are associated with uncertainty
and should be handled accordingly in the analysis. The well-production potential can be adjusted
during the operating phase.
58 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
G.2.5 Planned production volume assuming no down time (planned or unplanned)
Assuming that there is no down time in the maximum production volume (under the constraints
of design capacities and well-production potentials), then this is the preferred reference level in
production availability predictions, as well as in historical reporting. The uncertainty of reservoir
simulations should be kept in mind. The length of the plateau period and the production rates in the
decline period are uncertain.
Regarding integrating reservoir risk and production performance, it should be ensured that production
profiles are risked only once when they are used as the reference level for a production availability
estimation.
G.2.6 Planned production volume
The planned production volume, when expected down time is considered, may be used as a reference
level when reporting historical production availability in the operational phase. However, the
disadvantage of using this reference level measure, is that the costs of down time are concealed.
The planned production volume can also be set as the forecasted production volume for a defined
time period of the planned initial operational life cycle phase (e.g. first year of planned production) as
defined during project sanction decision making. The actual production volume for this planned time
period can then be measured towards this forecasted volume using Formula (G.1). This production
performance measure can then utilize project schedule loss categories (ref. loss category H in Table G.1)
and other loss categories (e.g. loss category A1 - reservoir uncertainties) for providing information of
deviations from original forecasted production volume.
G.2.7 Time-based performance measures
In addition to the volume-based performance measures, time-based measures can be used to calculate
AO, the average operational availability expressed as a ratio, as given in Formula (G.2):
Tu
AO = (G.2)
Tu + Td
where
Tu is the mean up time (MUT), estimated by using the actual up time observed in the field;
Td is the mean down time (MDT), estimated by using the actual down times observed in the field.
This down time includes planned and unplanned down time.
This operational availability corresponds to KPI number 7 in ISO 14224:2016, Table E.3. The technical
availability is given as KPI number 8 in ISO 14224:2016, Table E.3.
The taxonomic level (see ISO 14224:2016, Figure 3) where this measure is used is preferably on system
level or equipment item level, but can be used at plant or installation level.
The advantage of using operational availability as a time-based performance measure is that up time
and down time is easy to establish compared to the reference level of the volume-based measures. On
the other hand, the disadvantage is that this measure is not well suited to handle partial shutdowns. In
some cases, the measure can be modified by defining up time and time in operation as well-years.
G.3 Production and time loss categories
The production availability parameter described in Clause G.2 is a single figure representing the
average performance of a defined system. However, it is only one of several parameters that can be
used. In downstream industries in particular, a wide range of performance measures is utilized.
© ISO 2018 – All rights reserved 59
ISO 20815:2018(E)
These other parameters can include or exclude specific sources of loss of production or provide
information about how the losses are expected to occur. In some cases, this can be of equal or greater
importance than the overall production availability figure, for example the interruption frequency can
be a key element of a gas-supply system.
Whatever measures are used for an analysis, it is necessary to state explicitly the basis on which they
are calculated.
Tables G.1, G.4, G.5 and G.6 provide guidance on the events that should be included in production
availability predictions and the reporting of historical production availability for a production system
(i.e. volume-based performance measures). The production loss is a volume associated with an activity
or an event that results in reduced utilization of production potential within a period of time. Production
loss is registered according to the loss categories. The production loss volume being reported depends
on the facility and can be oil, gas, condensate, etc. Time-based availability predictions or statistics can
apply to the same event categorization (see Tables G.2 and G.3). Event categorization for other specific
operations (e.g. pipe laying) and its associated system/equipment typically have another format, which
is necessary to specify as required. Battery limits for the facilities, as well as any third-party processing,
tie-ins, subsea installations, etc., should be clearly defined.
Tables G.1 to G.6 refer to one of the following business categories: upstream (Tables G.1 to G.3),
midstream (Table G.4), downstream (Table G.5) and petrochemical (Table G.6). Examples of installations
or plants/units for each of these business categories are given in ISO 14224:2016, Tables A.1 and A.2.
It is important to distinguish between the production (or time) loss categorization shown in Tables G.1
to G.6 and the equipment failure and maintenance data requirements shown in ISO 14224:2016. This
relationship is also addressed in Annex E.
Table G.1 — Production facilitya — Production loss categories
Type of activity or event Comments
A Wells “Wells” covering downhole well completion equipment from (and including) the
(downhole and subsea/ tubing hanger downwards to (and including) the reservoir, for surface and subsea
surface) completed wells. See also downhole well completion equipment in ISO 14224:2016,
Table A.107. The subsea or surface wellhead and X-mas tree equipment are covered
in loss categories B and C, respectively. See also ISO 14224:2016, Table A.90 and
Table A.115, respectively.
A1 Reservoir uncertain- Production losses due to reservoir uncertainties (e.g. reservoir production less
ties than anticipated).
NOTE Can also be positive if reservoir produces more than anticipated; hence, it
can be necessary to alter the reference level for the performance measurement.
A2 Planned reservoir Production losses arising from planned activities to the reservoir, e.g. logging,
interventions fracturing, re-perforating, etc. The production availability impact depends on
test design and procedures.
The production down time and loss caused by the activity should be included. A
possible positive effect on the production rate should also be considered, since
this can influence the reference level for the performance measure.
The reference level may be raised afterwards, but the investment to achieve this
appears as a loss.
A3 Unplanned reser- Production losses arising from unplanned intervention in the reservoir. As in pro-
voir interventions duction loss category A2, the production down time and loss caused by the activity
should be included, and it can require altering the performance reference level.
A4 Well production Production losses occurring whilst well production testing to check well produc-
testing tion potential. Such type of reservoir testing has various production-loss impacts,
depending on the configuration, available test equipment (flowmeter, test separa-
tor, test lines) and operational test procedure used.
a The production facility can be an installation or a plant/unit (or field infrastructure) for upstream business category,
as shown in ISO 14224:2016, Tables A.1 and A.2. The production loss categories A to G in this table cover losses within the
value chain: wells – process – export. The production loss category H covers pre-production phase that can used when the
delayed production due project schedule delays is addressed.
60 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Table G.1 (continued)
Type of activity or event Comments
A5 Downhole well Production losses occurring until the initiation of well intervention. It covers
equipment failure preparation and/or delay. ISO/TR 12489:2013, Table 5 and ISO 14224:2016,
Table 4 provide useful information to define precisely what to be covered in the
loss category A5 versus A6.
A6 Unplanned down- Production losses arising from the active repair of downhole well equipment fail-
hole well interven- ures (also called workover), including losses related to heavy lifts. Reliability-based
tion contingency preparedness is anticipated by proper maintenance supportability and
maintainability that can influence the scheduling and duration of well intervention.
A7 Planned downhole Preventive maintenance for downhole well equipment. Production losses arising
well interventions from periodic equipment testing (e.g. DHSV) and well inspection/ surveys. Also
or activities includes planned re-completions, zonal isolations, side-tracks, SIMOPS activities, etc.
A8 Flow assurance Production losses related to flow-assurance problems (e.g. hydrates, scaling,
(unplanned) wax, asphaltenes), exclusively from and not accounted on the production loss
categories A1 to A7.
A9 Post-modification Reduction or shutdown in production caused by a modification project (after run-
impact in), e.g. side-tracking, re-completion, etc.
B Subsea installations Covers subsea X-mas tree, subsea flowlines or subsea pipelines, subsea production
control (e.g. dynamic and static umbilicals), subsea manifolds, subsea valves and
risers. Subsea processing and associated subsea electrical power distribution is
also covered. Hence, all equipment subsea from tubing hanger to riser/umbilical
topside/onshore termination. See also ISO 14224:2016, A.2.6 for subsea equipment
classes that can be covered. Production loss in the subsea export facilities (e.g.
export riser and SSIV) can be covered in loss category E4.
B1 Subsea equipment Production losses occurring until subsea intervention starts.
failure
This category normally also covers category B4 as an event is usually logged
against equipment.
B2 Unplanned subsea Production losses arising from active repair of failed subsea equipment and
intervention may include downhole/other intervention required to undertake subsea repair.
Reliability-based contingency preparedness is anticipated by proper maintenance
supportability and maintainability that can influence the scheduling and duration
of subsea intervention.
B3 Planned subsea Preventive maintenance for subsea equipment. Production losses arising from
interventions or planned activities that include preventive maintenance (e.g. X-mas tree), planned
activities flow-assurance activities, testing, inspection, etc., on subsea equipment.
B4 Flow assurance The production down time and loss related to flow-assurance problems (e.g. hy-
(unplanned) drates, scaling, wax, asphaltenes, etc.).
B5 Post-modification Reduction or shutdown in production caused a modification project (after run-in),
impact for example new subsea template/subsea manifold tie-ins.
C Production facilities Topside and onshore developments covering production facilities (e.g. dry X-mas
trees, topsides manifolds and piping, valves and onshore pipelines, etc.). See also
ISO 14224:2016, Table A.3 for upstream related systems that can be covered.
C1 Production facilities Production losses occurring until corrective maintenance starts.
equipment failure
C2 Unplanned produc- Production losses arising from repair of failure, which may include other mainte-
tion facilities main- nance required to undertake repair. Reliability based contingency preparedness
tenance is anticipated, by proper maintenance supportability and maintainability that can
influence the scheduling and duration.
C3 Planned production Production losses arising from planned activities that include preventive main-
facility maintenance tenance (pigging), testing, inspection, etc., on equipment.
a The production facility can be an installation or a plant/unit (or field infrastructure) for upstream business category,
as shown in ISO 14224:2016, Tables A.1 and A.2. The production loss categories A to G in this table cover losses within the
value chain: wells – process – export. The production loss category H covers pre-production phase that can used when the
delayed production due project schedule delays is addressed.
© ISO 2018 – All rights reserved 61
ISO 20815:2018(E)
Table G.1 (continued)
Type of activity or event Comments
C4 Flow assurance The production down time and loss related to flow-assurance problems.
(unplanned)
C5 Post-modification Reduction in or shutdown of production caused by a modification project (after
impact run-in), e.g. pipeline tie-ins.
D Process and utilities Covers process and utility functions located topsides or onshore. See also
ISO 14224:2016, Table A.3 for upstream related systems that can be covered.
D1 Equipment failure Production losses related to failure and corrective maintenance; the corrective
and repair maintenance itself can be split, if needed. This covers failure of utility systems
(e.g. methanol), auxiliary systems (e.g. main power), etc.
D2 Preventive Reduction in production caused by the execution of preventive maintenance (e.g.
maintenance due to safety-barrier procedures); includes equipment testing of topsides safety
equipment that affects production.
D3 Process/ Process upsets due to separation problems, low set points for sensors, testing/
operational diagnosing process facilities. It also includes human errors that cause production
problems losses and may also include losses due to burn-in (early life failure) of modification
projects and flow assurance issues.
D4 Post-modification Reduction in or shutdown of production caused by a modification project (after
impact run-in), e.g. well compression, tie-ins from other facilities, etc.
E Export facilities Covers main export activities of tanker offtake or pipelines.
E1 Storage limits Shutdowns caused by full storage on offshore platform, FPSO or dedicated FSU.
E2 Loading operations Unplanned shutdowns caused by cargo handling/inert gas/ballast and/or other
offloading equipment failures. Planned shutdowns.
E3 Shuttle tanker delay Shutdowns caused by external issues, such as a shuttle tanker being unable to
accept cargo due to weather or technical reasons.
E4 Export pipeline Shutdowns in pipeline transportation system. Subsea pipeline coverage is given
in ISO 14224:2016, A.2.6.7.
E5 Downstream Planned, and/or unplanned shutdowns caused by downstream receiving/process
restrictions facilities outside the boundary limits (third-party issues). It may also cover third-
party processing within a field infrastructure. Turnarounds for downstream
facilities are also covered in this loss category. Downstream restrictions can be
in a midstream, downstream or petrochemical installation.
E6 Flow assurance Flow assurance problems for processed products in pipeline, both planned (e.g.
pigging) or unplanned (e.g. hydrate plug removal).
F Turnaround and —
modification
F1 Turnaround Full shutdown due to integrity management or regulatory requirements.
It is important to capture losses due to the planned period of the turnaround and
also losses from any unplanned extension to the turnaround.
F2 Modification Full shutdown due to modification (e.g. tie-in or major module installation/ modi-
fication). Losses arising after run-in (post-modification) are recorded in category
A9, B5, C5 or D4.
It is important to capture losses due to the planned period of the modification and
also losses from any unplanned extension to the modification.
G Other —
G1 Bad weather Production impact due to weather.
a The production facility can be an installation or a plant/unit (or field infrastructure) for upstream business category,
as shown in ISO 14224:2016, Tables A.1 and A.2. The production loss categories A to G in this table cover losses within the
value chain: wells – process – export. The production loss category H covers pre-production phase that can used when the
delayed production due project schedule delays is addressed.
62 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Table G.1 (continued)
Type of activity or event Comments
G2 Safety and Safety or environmental related events or shutdown required due to safety con-
environmental tingency (e.g. ship collision risk) or accidental spill of oil, chemicals or synthetic
materials, where there has been or can be a significant effect of pollution on the
environment.
G3 Labour conflicts —
G4 Environmental Reduced production to accommodate environmental discharge permits/ discharge
permits/limits limits (flaring, produced water disposal, oil in water limits, chemical discharge
limits, etc.)
G5 Security Terrorism, riots, etc.
G6 Authority restric- Restrictions by country regulatory bodies, national quotas, OPEC, etc.
tions
G7 Product quality Out of product specification (below and above specification).
deviations
G8 Commercial Losses caused by production constraints due to commercial aspects of the business
H Pre-production —
H1 Project schedule Losses due to slippage of actual first-oil date from planned first-oil date due to
delays project delays.
Wells and facility schedule losses should be reported in categories H2 and H3.
H2 Wells schedule Production losses due to slippage of drilling programme, resulting in the actual
delays reservoir potential being less than the planned reservoir potential due to wells
starting late. This can be compensated if the wells have a higher-than-expected
flow rate.
Only applicable in ramp-up and plateau phases and can require altering the
performance reference level.
H3 Facilities schedule Production losses associated with equipment not being operational on the
delays planned start dates or taking longer to commission and ramp up to maximum
capacity.
Only applicable in ramp-up phase.
a The production facility can be an installation or a plant/unit (or field infrastructure) for upstream business category,
as shown in ISO 14224:2016, Tables A.1 and A.2. The production loss categories A to G in this table cover losses within the
value chain: wells – process – export. The production loss category H covers pre-production phase that can used when the
delayed production due project schedule delays is addressed.
© ISO 2018 – All rights reserved 63
ISO 20815:2018(E)
Table G.2 — Upstream drilling riga — Time loss categories
Type of activity or event Comments
A Rig drilling Reporting of drilling-rig time loss; covers platform rigs, mobile drilling units,
etc., and covers, e.g. drilling, regular BOP and safety-equipment-related activi-
ties, logging/coring, orienting the well, running and cementing casings/liners
activities and others; exploration and production drilling.
A1 Moving from one Activities carried out to move the rig from one location to another, such as re-
well to the next moving and re-installing anchor lines of floating rigs in offshore scenarios.
NOTE This is normally not a time loss category for one rig operation, but can be
used to reflect drilling rig fleet utilization.
A2 Rig down time due Activities developed to repair equipment that is essential to proceed with
to rig equipment normal operations, including possible safeguards on the well for repairing and
failure others, e.g. setting a temporary plug in the well, pulling/running/repairing/re-
installing the BOP, other repair-related activities, including to accessories such
as logging tools.
NOTE The time loss arising due to rig equipment failure can be further cat-
egorized using the drilling equipment classes and/or other relevant equipment
categories in ISO 14224:2016, Table A.4.
A3 Rig down time due Combating a possible kick, fishing activities, re-setting or correcting the well-
to well problems head installation, reaming, re-drilling, working on a mechanically unstable well,
adjusting drilling-fluid parameters, correcting cement job, and others.
A4 Waiting on opera- Waiting for something to proceed with intervention operations, e.g. waiting on
tions weather, spare parts, materials or others.
a The drilling rig can be an installation or a plant for the upstream business category, as shown in ISO 14224:2016, Tables A.1
and A.2. The time loss categories A1 to A4) in this table cover losses for a separate drilling rig or a drilling rig located as part
of another upstream facility. Any production loss arising from the drilling rig operations is covered in Table G.1. The time loss
categories can also be used for a drilling rig fleet. Further guidance for reporting of time loss during drilling operations can
exist, and will typically reflect in further detail the operational phase (activities) when a time loss occurs.
64 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Table G.3 — Upstream installation and intervention vessela — Time loss categories
Type of activity or event Comments
A Intervention and Covers all major intervention equipment, including platform rigs, mobile drilling
workover units, coiled tubing systems, ROVs; includes checking or setting safety barri-
ers in the well before intervention, regular BOP and safety-equipment-related
activities, running/installing X-mas tree, gravel packer and tubing activities,
and others.
Installation (e.g. completion, pipe-laying, subsea equipment) and intervention
(e.g. workover, manifold retrieval).
A1 Moving from one Activities carried out to move the installation or intervention resources from
location to the one location to the next one.
next one
NOTE This is normally not a time loss category for one installation or interven-
tion operation, but can be used to reflect vessel fleet utilisation.
A2 Installation and Activities developed to repair equipment that is essential to proceed with
intervention equip- normal operations, including possible safeguards on the well for repairing and
ment failure others, e.g. setting a temporary plug in the well pulling/running/repairing/re-
installing the BOP; other repair-related activities; including to accessories such
as logging tools.
NOTE The time loss arising due to equipment failure can be further categorized
using relevant equipment classes in ISO 14224:2016, Table A.4.
A3 Waiting on Waiting for something to proceed with intervention operations, e.g. waiting on
operations weather, spare parts, materials or others.
a The installation and intervention operation for the upstream business category can involve a variety of installations
and plants, e.g. MODU, SISV or installation vessel; see ISO 14224:2016, Tables A.1 and A.2. Any production loss arising
from these operations can be addressed separately using Table G.1. The time loss categories can also be used for e.g. an
intervention vessel fleet. Further guidance for reporting of time loss during operations can exist, and will typically reflect
in further detail the operational phase (activities) when a time loss occurs.
Table G.4 — Midstream facilitya — Production loss categories
Type of activity or event Comments
A Pipeline Covers only line pipe, flanges, block valves, etc.
A1 Planned interven- Losses associated with planned activities that include preventive maintenance,
tions testing, inspection, inspection pigging, surveys, etc.
A2 Unplanned activi- Production impact arising from repair of pipeline failure, including third-party
ties and equipment damage; also includes logistic delays.
failures
Plus geotechnical problems: pipeline movement, river crossing wash outs, etc.
A3 Flow assurance Flow assurance (hydrates, etc.), flow-assurance pigging plus failure of drag-
reducing agents.
A4 Post-modifications Losses associated with modification work, i.e. tie-ins.
impact
A5 Downstream These are shutdowns caused by downstream process/receiving facilities outside
process shutdowns the boundary limit of the terminal (third-party issues).
and restrictions
B Pump/Compressor All equipment and activities within boundary limit of the pump/compressor sta-
station tion, including process and utilities (power, chemicals, instrument air, etc.).
B1 Planned interven- Losses associated with planned activities that include preventive maintenance,
tions safety testing, inspection, etc.
B2 Unplanned activi- Losses associated with unplanned activities, e.g. failure of prime movers and utili-
ties and equipment ties (instrumentation, power, etc.).
failures
a The midstream facility can be an installation or a plant (or infrastructure) for the midstream business category, as
shown in ISO 14224:2016, Tables A.1 and A.2. The production loss categories A to E in this table cover losses within this part
of the value chain, and battery limits will need to be properly defined to differentiate between production losses covered
by Table G.1 and Table G.5.
© ISO 2018 – All rights reserved 65
ISO 20815:2018(E)
Table G.4 (continued)
Type of activity or event Comments
B3 Process/ Process upsets, including logistic delays (e.g. on unmanned facilities); real trips
operational including human errors.
problems
B4 Post-modifications Losses associated with modification work, i.e. adding new pumps/compressors
impact to increase capacity.
C Terminal Oil/condensate terminal (all production losses described in categories B1 to B4
preceding and the production losses listed in categories C1 to C3).
C1 Offloading These are shutdowns caused by (e.g. full-storage) offloading equipment failures or
the tanker not being present, loading stopped due to bad weather, etc.
C2 Downstream These are shutdowns caused by downstream process/receiving facilities outside
process shutdowns the boundary limit of the terminal (third-party issues).
and restrictions
C3 Product quality Product out of specification (below or above specification).
deviation
D LNG plants, gas Including all production losses described in categories B1 to B4 preceding and the
plants, etc. production losses listed in categories D1 and D2).
D1 Product quality Product out of specification (below or above specification).
deviation
D2 Downstream These are shutdowns caused by downstream process/receiving facilities outside
process shutdowns the boundary limit of plant (third party issues).
and restrictions
E Other —
E1 Turnarounds Can be considered as excluded both in predictions and for historical reporting (e.g.
when turnarounds are defined in sales contracts).
E2 Accidental events Safety-related events.
Down time caused by major accident type of nature should be reported separately
in predictions.
E3 Environmental Reduced production to accommodate environmental discharge permits/ discharge
permits/limits limits (flaring, water disposal, oil in water limits, chemical discharge limits, etc.).
a The midstream facility can be an installation or a plant (or infrastructure) for the midstream business category, as
shown in ISO 14224:2016, Tables A.1 and A.2. The production loss categories A to E in this table cover losses within this part
of the value chain, and battery limits will need to be properly defined to differentiate between production losses covered
by Table G.1 and Table G.5.
Table G.5 — Downstream facilitya — Production loss categories
Type of activity or event Comments
A Downstream facility Process plants typically consist of a number of process units
A1 Equipment failure Production losses related to failure and corrective maintenance. This covers failure
and repair of process and utility systems, such as power, instrumentation.
A2 Preventive Losses associated with planned activities that include preventive maintenance
maintenance (periodic test of safety equipment, testing and inspection, etc). See also Figure 6
in ISO 14224:2016.
A3 Process/ Process upsets, including logistic delays, real trips and human errors.
operational
problems
A4 Product quality Losses arising from product out of specification requiring that it needs to be re-
deviation processed, disposed or given away.
a The downstream facility can be an installation or a plant (or infrastructure) for the downstream business category, as
shown in ISO 14224:2016, Tables A.1 and A.2. The production loss categories A1 to A9 in this table cover losses within this
part of the value chain. The battery limits will need to be properly defined, also with respect to interfaces to production
losses covered by Table G.4.
66 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Table G.5 (continued)
Type of activity or event Comments
A5 Domino losses Losses caused by shutdown/slowdown of other process units.
A6 Turnaround and Losses associated with planned turnarounds (major overhauls of process units
modification planned well in advance). It is important to capture losses due to the planned period
of the turnaround and also losses from any unplanned extension to the turnaround.
A7 Commercial Losses caused by production constraints due to commercial aspects of the business.
A8 Accidental events Safety-related events.
Down time caused by major accident type of nature should be reported separately
in predictions.
A9 Environmental Reduced production to accommodate environmental discharge permits/ discharge
permits/limits limits (flaring, water disposal, oil in water limits, chemical discharge limits, etc.)
a The downstream facility can be an installation or a plant (or infrastructure) for the downstream business category, as
shown in ISO 14224:2016, Tables A.1 and A.2. The production loss categories A1 to A9 in this table cover losses within this
part of the value chain. The battery limits will need to be properly defined, also with respect to interfaces to production
losses covered by Table G.4.
© ISO 2018 – All rights reserved 67
ISO 20815:2018(E)
Table G.6 — Petrochemical facilitya — Production loss categories
Type of activity or event Comments
A Petrochemical facility Petrochemical process plants typically consist of a number of process units.
A1 Equipment failure Production losses related to failure and corrective maintenance. This covers failure
and repair of process and utility systems, such as power, instrumentation.
A2 Preventive Losses associated with planned activities that include preventive maintenance,
maintenance (periodic test of safety equipment, testing and inspection, etc.). See also Figure 6
in ISO 14224:2016.
A3 Process/ Process upsets, including logistic delays, real trips and human errors.
operational
problems
A4 Product quality Losses arising from product out of specification requiring that it needs to be re-
deviation processed, disposed or given away.
A5 Domino losses Losses caused by shutdown/slowdown of other process units.
A6 Turnaround and Losses associated with planned turnarounds (major overhauls of process units
modification planned well in advance). It is important to capture losses due to the planned period
of the turnaround and also losses from any unplanned extension to the turnaround.
A7 Commercial Losses caused by production constraints due to commercial aspects of the business.
A8 Accidental events Safety-related events.
Down time caused by major accident type of nature should be reported separately
in predictions.
A9 E n v i r o n m e n t a l Reduced production to accommodate environmental discharge permits/ discharge
permits/limits limits (flaring, water disposal, oil in water limits, chemical discharge limits, etc.)
a The petrochemical facility can be an installation or a plant (or infrastructure) for the petrochemical business category,
as shown in ISO 14224:2016, Tables A.1 and A.2. The production loss categories A1 to A9 in this table cover losses within
this part of the value chain, and battery limits will be needed to related interfaces to production losses covered by Table G.4.
68 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Annex H
(informative)
Relationship to major accidents
H.1 General
Risk analysis (e.g. QRA) and emergency preparedness analysis (see Clause I.20) will include serious
and infrequent hazardous events that can cause long-term shutdown of production or operation, and
that can imply major loss or even zero production or plant/system operation over a long time. These
events fall within the category of major accidents (see 3.1.32) and should be distinguished from other
infrequent events that are considered in the analyses of production availability and deliverability. The
major accidents should be treated separately in production performance analyses (see D.3.6).
The main purpose of this annex is to advise that there is a need in production performance analysis
to highlight this in the analysis work, and rather refer to the risk analysis (e.g. QRA) and emergency
preparedness analysis where such events are analysed. This means that the total production
unavailability or total system unavailability can be lower than what is predicted in the production
performance analysis. The project risk management for asset or facility would need to manage this total
risk picture, as some of the events causing major accidents can also benefit from using this document
(e.g. risk-reduction by equipment reliability management).
Typical major offshore accidents can be caused by hazards and accident conditions, such as the following
(ref. also NORSOK Z-013:2010):
1) process accidents (unignited and ignited leaks, fires and explosions);
2) risers/landfall and pipeline accidents;
3) storage accidents (liquid and gas);
4) loading/offloading accidents;
5) blowouts and well releases;
6) accidents in utility systems (leaks of chemicals, fires, explosion of transformers etc.);
7) accidents caused by external impact and environmental loads, e.g. collision, falling/swinging loads,
helicopter crash, earthquake, waves;
8) structural failure (including gross errors);
9) loss of stability and/or buoyancy (including failure of marine systems).
In addition, security issues can be considered in the context of risk analysis. The term threat should only
be used for such security considerations, and not be mixed with other equipment failure characteristics,
as threat is related to an intended action. See ISO 22300:2012.
Important factors in the analysis of major accidents are considered in more detail in the remainder of
this annex.
The purpose of the availability analyses is to predict the actual production availability, A, for the
installation for the time period considered. This quantity is uncertain (unknown) when the analysis is
carried out and it is necessary to predict it. The uncertainty related to the value of A can be expressed by
a probability distribution H(a), with mean or expected value, Ᾱ being the predictor of A. A Monte-Carlo
study of the production availability is generally performed by generating a sequence of independent,
© ISO 2018 – All rights reserved 69
ISO 20815:2018(E)
identically distributed quantities, for example A1, A2, ..., An, from the probability distribution, H(a). The
distribution can be estimated from the sample A1, A2, ..., An.
In theory and as far as the uncertainty distribution H(a) is concerned, there is no problem in including
major accidents in this analysis. If a major accident results in a production loss, z, and its associated
probability equals p, this can be reflected in the distribution, H. However, using the “full distribution”
makes it difficult to predict A using the expected value. In this case, the spread around the mean would
be very large and the probability density can have a bimodal form very different from the typical
Gaussian distribution. The case is that the expected value of the contribution from the major accident
is normally a rather small quantity, namely p·z, which is an unrepresentative contribution to the
production loss. If the major accident type of event occurs, the actual loss would be z and this can mean
a dramatic reduction in the production availability, A.
If the time period considered is long, then the probability that a major accident will occur can be quite
large, and consequently the contribution p·z significant. Hence, in such cases, the inclusion of major
accidents is more meaningful.
H.2 Criterion for attention in analyses
The consequences for production as a result of major accident in production and transportation systems
may be identified in a production availability analysis, but it is recommended to refer to the risk analysis
(e.g. QRA). In general, major accidents should be included in overall risk and financial analyses, but not
in production availability analysis. The PAP can be used to give criteria for how defined major accidents
are handled by e.g. defining a probability of occurrence for the lifetime applicable for the analysis and
the production loss in case of an occurrence of these major accidents.
It should be considered to refer to the predicted production availability loss value estimated, if this is
a part of the QRA. This enables a consistency check of the framework conditions and reference level,
making it comparable to predictions in the production availability analysis.
In analyses limited to subsystems, one should consider case-by-case whether the major accidents
should be included.
70 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Annex I
(informative)
Outline of techniques
I.1 General
Production performance analyses, such as reliability and availability analyses, are systematic
evaluations and calculations that are carried out to assess the performance of a system. The system
can in this context be at different taxonomic levels (see ISO 14224:2016, Annex A), for example, it can
be an overall production or transportation system, a compression train, a process shutdown system,
a drilling and well system or, it can be a pump or a valve. These analyses are part of a production
assurance programme (PAP).
It is useful to apply the following as a guide:
— Production performance analysis considers the production from facilities with several production
levels, e.g. offshore or onshore production systems, installation(s) or operation(s).
— Availability analysis considers the up times of two states (running/not running) of items
(components, equipment, units and systems).
— Reliability analysis considers the first failure of two states of items (components, equipment, units
and systems).
Reliability is important for safety and production performance. In the context of a PAP, it can be used to
evaluate the probability that the first failure occurs after a given period of time.
Availability is mainly focused on the time during which an item is running correctly. In the context of a
PAP, it can be appropriate for single components or for production trains made of component in series.
It may also be used to perform “availability allocations” in order to establish the requirements for the
providers of such components.
This annex briefly describes the following analysis methods and techniques:
— failure modes and effects analysis (I.2);
— fault tree analysis (I.3);
— reliability block diagram (I.4);
— Monte-Carlo simulation (I.5.2);
— behavioural modelling (I.5.3);
— flow network analysis (I.5.4);
— Petri net analysis (I.5.5);
— design reviews (I.6);
— hazard and operability study (I.7);
— performance and operability review (I.8);
— reliability testing (I.9);
— human factors (I.10);
© ISO 2018 – All rights reserved 71
ISO 20815:2018(E)
— software reliability (I.11);
— dependent, common cause and common mode failures (I.12);
— life data analysis (I.13);
— reliability-centred maintenance analysis (I.14);
— risk-based inspection analysis (I.15);
— test interval optimization (I.16);
— spare parts optimization (I.17);
— methods of structural reliability analysis (I.18);
— life cycle cost analysis (I.19);
— risk and emergency preparedness analyses (I.20);
— technology maturity assessment (I.21);
— Markov process analysis (I.22);
— Bayesian belief network (I.23);
— life time extension analysis (I.24);
— analysis on weather influence on production performance (I.25);
— loading performance analysis (I.26).
Reference can be made to the documents cited in these clauses or to reliability analysis textbooks for
more detailed descriptions.
I.2 Failure modes and effects analysis
A summary of failure modes and effects analysis (FMEA) and failure mode, effect and criticality analysis
(FMECA) is given in Table I.1.
72 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Table I.1 — Failure modes and effects analysis (FMEA) and failure mode, effect and criticality
analysis (FMECA)
Analysis elements Summary
Analysis description Two bottom-up techniques for analysing and establishing systematically the effects of
potential failure modes.
Objective of analysis FMEA is a systematic technique for establishing the effects of potential failure modes
within a system. The analysis can be performed at any level of assembly. This can be done
with a criticality analysis, in which case it is called an FMECA.
FMECA is a semi-quantitative analysis, where the failure probability and the consequence
data are used to assess the criticality of each failure mode. It is a systematic methodol-
ogy to increase the inherent reliability of a system or product. It is an iterative process of
identifying failure modes, assessing their probabilities of occurrence and their effects on
the system, isolating the causes, and determining corrective actions or preventive meas-
ures. When the analysis is done from a functional standpoint, it is usually performed at
a plant or unit level, whereas if the focus is on the hardware, it usually descends down to
the maintainable-item level. The amount of data required is different depending on the
focus (see Tables I.2 to I.4 for details).
While it is most often used in the early stages of the design process to improve the inherent
reliability, the FMECA technique is equally useful in addressing system safety, availability,
maintainability, or logistics support.
Reference to existing MIL-STD-1629A:1998
standards
IEC 60812:2006
Overall need for The analysis is an inductive and systematic process in which individual failures at com-
information ponent level are generalized into potential failure modes at system level. The structured
method consists of the following steps:
a) system definition (both from functional and hardware standpoints);
b) identification of failure modes (it is necessary that it includes the operational and
environmental conditions present when failure occurs);
c) determination of failure causes (understanding of the related failure mechanism
and identification of the lowest level in hierarchy affected);
d) assessment of effects (in terms of system performance, reliability, maintainability
and safety);
e) identification of detection means (to verify that suitable detection means exist for
all critical failure modes);
f) classifications of severity (to assign priorities to corrective actions; typically with 3
or 4 levels);
g) estimation of probability of occurrence (from failure rates based on experience or
public data bases or classification into 3 or 4 levels by using engineering judgement);
h) computation of the criticality index (a combination of the probability of occurrence
and the severity of the failure);
i) determination of corrective action (by eliminating the cause of the failure,
decreasing their probability of occurrence, improving failure detection or reducing
the severity of the failure).
© ISO 2018 – All rights reserved 73
ISO 20815:2018(E)
I.3 Fault tree analysis
A summary of the fault tree analysis (FTA) is given in Table I.2.
Table I.2 — Fault tree analysis (FTA)
Analysis elements Summary
Analysis description This is a graphical top-down method used to analyse the logical links between failure of an
overall system and the failures of its components and to perform probability calculations.
Objective of analysis There are several objectives such as the following examples:
— build a graphical representation of the combinations of the individual components
failures that lead to failure of the whole system and, by doing so, obtain the Boolean
equation linking the undesirable event (at the whole system level) to the failure of
the individual components;
— analyse qualitatively the reliability/availability (see Notes 1 to 4) of the system
by identifying the combinations of basic failures leading to the undesirable event.
These combinations of failures are the so-called “minimal cut sets” (coherent FT) or
“prime implicants” (non-coherent FT);
— analyse semi-quantitatively the reliability/availability (see Notes 1 to 4) of the
system by sorting its minimal cut sets (or prime implicant) in order of decreasing
probabilities;
— calculate the probability of failure (see Notes 1 to 3) of the whole system;
— evaluate various importance factors in order to assess the impact of the failures of
the individual components;
— evaluate the impact of the individual input uncertainties over the result(s).
Reference to existing IEC 61025:2006
standards
Overall need for A fault tree represents a Boolean process, which is used to calculate the probability of
information the corresponding overall event from the individual probabilities of the basic events
appearing in the formula. Therefore, the inputs used are the pure probabilities of fail-
ures, for which it is necessary to evaluate from the reliability parameters of the related
components:
— probability of failure;
— probability of human error;
— failure frequency;
— failure rates, repair rates;
— test interval, test efficiency.
Notes NOTE 1 FTA normally deals with two-states components and systems.
NOTE 2 From probabilistic calculation point of view, an FT allows to combine the time-
independent probabilities of its leaves to obtain the time-independent probability of
failure of the modelled system. Nevertheless, when the leaves behave independently all
along the time, an FT can be used to calculate the unavailability or the failure frequency
of the modelled system.
74 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Table I.2 (continued)
Analysis elements Summary
NOTE 3 Except when some hypotheses (e.g. no repair) are met, unreliability cannot be
exactly assessed by using FTA. Nevertheless, when failures are quickly revealed and re-
paired, FT can be used to calculate the conditional failure intensity (Vesely failure rate,
see ISO/TR 12489:2013, 3.1.21), which leads to good approximation of the system unreli-
ability (see IEC 61078:2016).
NOTE 4 FTA can be used to analytically calculate the unavailability of a production sys-
tem, but is not suited to assess its production availability when several production levels
are taken under consideration.
NOTE 5 FTA is also a very good support for performing common cause failure analyses,
sensitivity analyses and uncertainty analyses.
NOTE 6 The fault tree can also be used in combination with cause-consequence diagram
to analyse underlying causes of the event failure
NOTE 7 FT and MPA can be mixed within FT driven Markov processes where small Markov
processes are used to models the leaves of the FT and where the FT provides the logic
linking the leaves (see ISO/TR 12489:2013). This allows to build Markov models for large
systems and prevent the combinatorial explosion of the number of states.
NOTE 8 The state of the art in Boolean calculation is to use the binary decision diagrams
(see IEC 61078:2016). This allows to handle large models, with many repeated events
(leaves) and encompassing millions of cut sets, in short computation time.
I.4 Reliability block diagram
A summary of a reliability block diagram (RBD) is given in Table I.3.
Table I.3 — Reliability block diagram
Analysis elements Summary
Analysis description Formally this is a logic diagram representing how a system works and allowing probabilistic
calculations. An RBD is made of two-states boxes (representing individual components)
linked together according to the functional logic of the overall system.
Objective of analysis The purpose of RBD is to build a logical model remaining as close as possible to the system
architecture and representing those components that need to be operating/failed in order
that the overall system be operating/failed. An RBD is generally an output of the functional
analysis of the system under study.
From a logical point of view, an RBD represents a Boolean equation. It is equivalent to
a fault tree and can be used for exactly the same purpose with the same computation
techniques (see Table I.2).
An RBD can be considered as a kind of “electrical” circuit. Looking for combinations of
component failures leading to system failure is equivalent to looking where this circuit
can be “cut.” Hence, the origin of the term “cut set.”
Reference to existing IEC 61078:2016
standards
Overall need for Same as for fault tree (see Table I.2).
information
Notes NOTE 1 This is more a representation than an analysis method (contrarily to FTA which
is both). Less abstracted than FTA, this is the method preferred by engineers to represent
systems.
© ISO 2018 – All rights reserved 75
ISO 20815:2018(E)
Table I.3 (continued)
Analysis elements Summary
NOTE 2 An RBD deals only with two-states components and systems. FTA and RBD have
the same mathematical background and therefore the same possibilities and limitations
(see Table I.2).
NOTE 3 An RBD is not suited to production assurance analysis, which require flow net-
works that accommodate multi-state systems.
NOTE 4 RBD and MPA can be mixed within RBD driven Markov processes where small
Markov processes are used to models the boxes of the RBD and where the RBD provides
the logic linking the boxes (see IEC 61078:2016). This allows to build Markov models for
large systems and prevent the combinatorial explosion of the number of states.
I.5 Models for production availability calculations
I.5.1 General
Except for the Markov process analysis (MPA), classical models are not well adapted for production
availability calculations. MPA is only efficient for very small systems. Therefore, it is necessary to use
models able to:
— handle the complex behaviour of production systems;
— obtain the various probabilistic parameters needed;
— perform calculations quickly on industrial size system.
A solution widely adopted is to perform “Monte-Carlo simulations” on “behavioural models”.
I.5.2 Monte-Carlo simulation principles
Monte-Carlo simulation is a computation technique that replaces the analytical calculations by
statistical calculations. It is based on the simulation of a great number of production system histories
according to the following principle:
— The instants of occurrence of the events (e.g. failures, repairs, bad weather, rig mobilization)
occurring over a given history are calculated by using random numbers according to relevant
probability distributions.
— The relevant parameters (e.g. production losses, number of spare parts used, work load, time to first
failure) are captured over the given history in order to constitute statistical samples.
— When a sufficient number of histories has been accumulated, statistical calculations are used to
estimate the wanted parameters (e.g. production availability, average production losses, average
work load, mean time to first failure) from the statistical samples.
Monte-Carlo simulation is very well suited for production availability prediction of a production facility.
It overcomes the limitations of analytical calculations and can be used to model a variety of situations
including complex failure and repair distributions, the effects of different repair policies, redundancy,
operational aspects, etc. In addition, it allows mixing easily stochastic and deterministic events.
The variability in the simulation result parameters requires attention to handling of uncertainty
(see D.3.7). The number of Monte-Carlo simulations to be run in an analysis mainly depends on the
probability of occurrence of the events of interest within the period which is simulated, and the number
of events to simulate to reach the events of interest.
When applying this computation technique, sufficient number of simulations are required to ensure
results converge within an acceptable tolerance range and to the level of precision required.
76 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
I.5.3 Behavioural modelling
Before performing Monte-Carlo simulation, it is necessary to build the model being simulated. It is
necessary that such model has the following characteristics:
— approximate as closely as possible the actual system behaviour (e.g. react when events occur);
— encompass all elements having an impact on production (e.g. production flow through the various
equipment, system response to component failure or repair, operation, maintenance, spare parts
and flaring philosophies, SIMOPS, production profiles, etc.);
— code in a concise way the vast number of potential states of the production system.
The relevant mathematical framework to achieve above requirements consists of the so-called “finite-
states automata,” which generalize all the classical models (RBD, FTA and MPA).
Such “finite-state automata” are widely used for applications including Markov graphs, flow networks,
Petri nets, formal languages (proprietary or published), etc. Their performances and modelling
capacities vary over a large range and it is recommended to verify carefully that the particular software
package selected is suitable for a given production availability study.
I.5.4 Flow network analysis
A summary of the flow network analysis (FNA) is given in Table I.4.
Table I.4 — Flow network analysis
Analysis elements Summary
Analysis description A flow network (FN) is similar to an RBD and represents a production system. It is
composed of boxes (representing the production capacities of individual process com-
ponents) linked together according to the circulation of the production flow throughout
the production system.
The flow network analysis (FNA) is not a single type of analysis, but rather a general
description of the methodology and capabilities of various software tools which apply
Monte Carlo simulation to some kind of network that represents a production system.
The diagram can look like an RBD, an FN or a hybrid of these.
Objective of analysis The first purpose of FNA is to build a flow model representing the production capacity
of the system as a function of the production capacities of its components. This model
depends on the software package used.
Once established, the model can be used in Monte-Carlo simulation support to perform
the calculations and evaluate the relevant production parameters, such as production
availability, deliverability, demand availability, unavailability contribution from the
various elements, storage volume levels, usage of resources and spare parts, including
shortage, usage of utilities, including shortage.
Then, with regards to the performance objectives and requirements defined in the PAP,
the results can be used for decision support by doing sensitivity analysis on any of the
input parameters.
© ISO 2018 – All rights reserved 77
ISO 20815:2018(E)
Table I.4 (continued)
Analysis elements Summary
Reference to existing None
standards
Overall need for info The flow diagram itself can be drawn from the process flow diagrams (PFD) and pro-
cess instrumentation diagrams (PID) of the system under study and the inputs includes
those presented in Table I.2 (see also Table I.6).
Inputs identified in I.5.3 are also needed, but cannot be graphically represented.
Notes NOTE 1 FN is a representation widely used by engineers. It covers various realities
ranging from RBD like models to more sophisticated models.
NOTE 2 Some software tools have the possibility to apply multi-level networks or
include fault trees/RBDs in the simulation.
NOTE 3 Most of the proprietary software packages devoted to production availability
calculations are based on Monte Carlo simulation on RBD/FN-like models. Their model-
ling capacities and computation performances vary over a large range and it is wise to
analyse them cautiously before using them.
NOTE 4 Flow network (FN) and Petri nets (PN) can be mixed into "FN driven PN" mod-
els where small sub-PNs are used to model the behaviours of the boxes of a given FN
and where the FN is used as guidelines to link the boxes together.
NOTE 5 Optimization algorithms should be applied at product separation or mixing
points to reflect real life conditions, e.g. such that production from high value streams
are optimized.
I.5.5 Petri net analysis
A summary of the Petri net analysis (PNA) is given in Table I.5.
Table I.5 — Petri net analysis
Analysis elements Summary
Analysis description This is a graphical method that uses Petri nets (represented as finite-state automata) to
build a dynamic behavioural model of the system.
Potential events are represented by transitions and potential states by places. Arcs and
predicates (equations) are used to model the conditions to validate transitions (i.e. events
able to occur). Arcs and assertion (equations) are used to model when a transition is fired
(i.e. an event occurs).
Like FN, PN provide good support for Monte Carlo simulation.
Objective of analysis The first purpose of PNA is to build a model describing accurately both function and
dysfunction of production systems. According to the study this can include logistics, re-
sources used by several users (e.g. a single repair team for several components) and the
reconfiguration after a component failure or repair, etc.
Once established, the model can be simulated step by step manually (i.e. by using a “step-
per”) to verify that the behaviour reflects that of the actual production system.
Then, the model provides an efficient behavioural model for Monte Carlo simulations which
can be used to perform the calculations and evaluate the relevant production parameters
such as production availability, deliverability, demand availability, unavailability contri-
bution from the various elements, storage volume levels, usage of resources and spare
parts, including shortage, usage of utilities, including shortage, production losses, flared
gas quantity, maintenance man-hours, number of repairs performed by a given repair
team, number of failures, load of the repair support. The shortest and/or the most prob-
able sequences of event (scenarios) starting from the perfect state (if any) and leading to
the fully failed state (if any) can also be obtained.
Then, with regards to the performance objectives and requirements defined in the PAP, the
results can be used for decision support requirements defined in the PAP, the results can
be used for decision support by doing sensitivity analysis on any of the input parameters.
78 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Table I.5 (continued)
Analysis elements Summary
Reference to existing IEC 62551:2012
standards
ISO/TR 12489:2013
Standards also exist in the "validation and proof" field, but they are not considered for
production availability purpose.
Overall need for A Petri net is an automaton behaving dynamically like the actual system under study.
information Every event that can occur on the actual system (see I.5.3) can be modelled in the Petri
net. Therefore, the types of information that can be accommodated are only limited by
the skill of the analyst and the detail needed for the study.
Logistics, resources, spare parts, preventive maintenance policy, reconfigurations, flaring
policy are the more common types of information generally needed.
Notes NOTE 1 Monte Carlo simulation allows the use of any probabilistic law (e.g. not just the
classical exponential law) for component failures, repairs, etc., and to mix deterministic
and random delays within the same model.
NOTE 2 Petri nets look more abstract than RBD, FNA or MPA, they present several ad-
vantages, such as:
— most of the information can be displayed on the graph itself;
— steppers can be implemented to verify the behaviour of the model;
— very fast Monte-Carlo computations can be implemented.
NOTE 3 Petri nets can be used in conjunction with flow diagrams to build "FN driven
PN" models where small sub-PNs are used to describe the behaviour of the boxes of a
given FN and where predicates and assertions are used to model the circulating flows as
modelled by the FN.
I.6 Design reviews
Formal design reviews are normally carried out for many systems during the course of a development
project. Special production assurance design reviews should be considered, or production assurance
aspects should be included in other design reviews. Maintainability aspects can be included in working
environment design reviews, for example.
Design reviews should be performed by a group of persons from relevant disciplines. The design review
should be performed with the systematic application of guide words or check lists.
Design reviews can focus on any aspect influencing production assurance, such as:
— general quality of products;
— product specification;
— design margins/safety margins affecting reliability of equipment;
— system configuration/redundancy;
— operational conditions;
— maintenance philosophy;
— maintenance procedures;
— maintainability/access/modularization;
— working environment for maintenance activities;
— required skills for maintenance personnel;
© ISO 2018 – All rights reserved 79
ISO 20815:2018(E)
— spare parts availability;
— tools required;
— safety;
— product experience.
Reference can be made to IEC 61160:2005.
I.7 Hazard and operability study
A hazard and operability (HAZOP) study is a structured and systematic technique for examining a
defined system, carried out by a dedicated team, to identify risks and operability problems. HAZOP
studies deal with the identification of potential deviations from the design intent, examination of their
possible causes and assessment of their consequences.
A HAZOP study is particularly useful for identifying weaknesses in systems (existing or proposed)
involving the flow of materials, people or information, or a number of events or activities in a planned
sequence or the procedures controlling such a sequence.
The purpose of a HAZOP study is to identify hazards in process plants and to identify operational
problems and provide essential input to process design. Besides being useful from a production
assurance point of view, the HAZOP studies can also be used to identify alternative safe ways of
operating the plant in an abnormal situation to avoid shutdown.
HAZOP studies can be used on systems as well as operations (procedures). Used on operations, such as
maintenance or intervention activity, findings from the HAZOP study can provide input to production
assurance analyses.
Reference can be made to the original HAZOP technique described in Reference[80] See also
IEC 61882:2016 and ISO 17776:2016, C.14. More specific, HAZOP methods are also applicable, such as
the Drillers’ HAZOP (Reference[77]), Software HAZOP and Human HAZOP.
I.8 Performance and operability review
Performance and operability review (POR) denotes a thorough review of failure and down time
scenarios in the production system to be analysed. The objectives with the review include the following.
— Evaluation of how failures in the system are identified and which consequences the various failure
modes imply.
— Estimation of the down time related to preparation for repair and start-up of production (focus on
process related conditions that can affect these issues). This should be seen in conjunction with
reliability data qualification and suggested estimates, which can be assessed in a POR exercise.
— Evaluation of preliminary reliability data for a production availability model.
The total production down time related to restoration of a failed item consists of the following phases:
— fault detection which may be instantaneous when a running item stops to run, rather instantaneous
when it is detected by on line diagnostics or which can take time when it occurs silently (e.g. failure
occurring on stand-by items) and need tests to be discovered;
— pre-repair phase (e.g. troubleshooting, isolation, depressurisation, gas freeing and mechanical
pre-work);
— active repair time (expectation of this time is called MART, see 3.1.1);
— post repair phase (e.g. mechanical post-work and start-up).
80 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
A POR group is established consisting of production assurance analysts and disciplines like process,
operation and maintenance. During POR sessions, failure scenarios of each sub-part or stage of the
model are evaluated through a systematic review. Total down time estimates are established by
achieving time estimates for all down time phases.
An illustration of production down time associated with a critical failure event occurring on an
operating item belonging to an operating production facility is shown in Figure I.1, where a partial
production loss occurs. An illustration of production down time on an operating production facility
associated with a critical failure of a standby item is shown in Figure I.2. The items B and C given in the
figures are for example compressor trains (in 2 × 50 % or 2 × 100 % configuration).
Key
O operating T0 operating
RD run down T1 run down
RU ramp up T2 preparation and/or delay
F faulty T3 active repair
SB standby T4 preparation for production; start-up
PF production facility T5 ramp up
A, B, C, D are operating items belonging to the production T6 operating
facility
Figure I.1 — Illustration of production down time due to a critical failure of an operating item
belonging to an operating production facility
© ISO 2018 – All rights reserved 81
ISO 20815:2018(E)
Key
O operating T0 standby
RD run down T1 restoration of C before demand
RU ramp up T2 restoration of C after demand
F faulty T3 ramp up
SB standby T4 operating
PF production facility A, B, C, D are operating items belonging to the production
facility
C is standby item belonging to the production facility
Figure I.2 — Illustration of production down time due to a critical failure of a standby item
belonging to an operating production facility
The figures in Clause 3 and Figures I.1 and I.2 in this document should be understood in conjunction
with Figure 4 in ISO 14224:2016 and Figures 5 to 7 in ISO/TR 12489:2013, to distinguish different
performance measures and their application.
I.9 Reliability testing
I.9.1 General
Reliability testing may be required to predict the reliability of components or technologies which
will be used in new applications or be supplied by new vendors. The term ‘reliability testing’ covers
the physical demonstration of required reliability in the intended environment over the simulated
design life. Reliability testing involves both the application of theoretical and practical tools. It should
provide quantified evidence about the probability and capability of components to perform their
required functions, in specified environments, for the required period without failure. It further helps
to demonstrate the level to which the specified reliability and life time have been designed-in and
manufactured. The focus items of reliability testing programs are the dominating or critical failure
modes where levels of uncertainty exist around functions and ability to meet specifications.
82 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Reliability testing is a generic term covering a variety of different test categories, but usually falls into
one of the following categories:
— Reliability life testing
Reliability life testing covers specific types of physical life tests performed to predict the reliability
characteristics during the expected life of the system. Typically, reliability tests seek to determine
reliability over calendar or operating time, but can also examine reliability to start-up on demand,
number of cycles to failures, or other appropriate operating life accelerating factor. The results from
the failure data from such tests are then recorded and analysed using relevant life data analysis
techniques (see I.13). See information in IEC 61123:1991.
— Accelerated life testing
Reliability tests can require extended time periods to be satisfactorily carried out and are often
unachievable given project schedules and deadlines. Accelerated life testing (ALT) programs can
shorten the length of the test program for a critical failure mode. ALT is similar to reliability life
testing, except that ALT decreases test times by typically overstressing components by increasing
or accelerating one or more test parameters (e.g. temperature, pressure or vibration levels). Related
types of testing are highly accelerated life testing (HALT) and highly accelerated stress screening
(HASS), which can provoke different or alternative failure modes or degradation mechanisms.
ALT, HALT and HASS are extremely challenging activities, and projects are encouraged to seek
specialized assistance. See further information in References [71] and [81] and in IEC 61163-1:2006
and IEC 61163-2:1998.
Careful consideration is needed when developing reliability testing programs as the requirements are
often misunderstood and can be difficult to plan and implement. Additional sub-categories of reliability
testing include:
— reliability growth testing (see also IEC 61164:2004);
— development-reliability tests to determine functional capabilities;
— demonstration-reliability tests to verify formally that operational requirements are being met at
the system level;
— qualification tests to verify conformance to the requirements of a specification (see IEC 60050:2015,
192-09-04);
— production-reliability assurance testing;
— in-service reliability demonstration testing.
As described above, several types of reliability testing can be performed in order to predict reliability
of components. BS 5760-2:1994 gives further information about such reliability tests.
With reliability testing, it is not meant normal manufacturing quality control (such as factory
acceptance test (FAT) and system integration test (SIT)) applicable for most components, sub-systems
and systems in the petroleum, petrochemical and natural gas industries. Accelerated lifetime testing
involves overstressing in terms of environmental and operational conditions, which provokes different
or alternative failure modes and degradation mechanisms compared to normal operating conditions. It
has proven extremely challenging to reproduce normal lifetime degradation from accelerated lifetime
testing.
The production availability model may be used to perform sensitivity studies in order to detect for
which components a better knowledge of their reliability parameters is necessary, or what reliability is
necessary to demonstrate for given components to reach the scheduled targets.
© ISO 2018 – All rights reserved 83
ISO 20815:2018(E)
I.9.2 Overview of testing activities
Table I.6 provides an overview of testing addressed in this document. See also Figure 6 and Tables B.4
and B.5 in ISO 14224_2016. Reliability related testing undertaken for technology qualification purposes
(see C.8 and I.21) is also covered in Table I.6. Quality control related testing also includes integration
testing of qualified technology (full interface and functionality tests, e.g. SAT and SIT), see Table I.8.
Table I.6 — Type of testing for different aspects
Aspects Type of testing Clause
Reliability Accelerated life testing (ALT) E.2, I.9
Demonstration-reliability tests I.9
Development-reliability tests I.9
Highly accelerated life testing (HALT) I.9
In-service reliability demonstration testing I.9
Production-reliability assurance testing I.9
Reliability growth testing I.9
Reliability life testing I.9
Qualification testing 4.4, 4.5, C.3, I.9
Quality control Factory acceptance test (FAT) 4.4, C.3, E.2, I.9
Site acceptance test (SAT) C.3
System integration test (SIT) E.2, I.9
Safety Equipment testing of safety equipment G.3, I.16
Periodic test G.3, I.16, I.20
Other Equipment testing I.16, I.20
Field or laboratory testing F.3
Small scale testing I.21
Software testing I.11
I.10 Human factors
Human factors is an applied science that addresses human capacities and limitations in relation to
performance demands. The aim is to optimize the design of tasks, tools, products and systems in order
to optimize human performance according to the required goals for the performance of tasks, systems,
and products. These goals include minimising human error, negative health impacts, stress, fatigue and
discomfort and improving performance parameters like speed, accuracy, reliability and safety.
Interfaces where humans and non-human components interact, such as between operation or
maintenance personnel and products, systems or equipment, can be analysed to identify the potential
for and the effects of human errors, as well as the opportunities for performance improvement.
Particular attention should be given to the following:
— identification of critical human operation and maintenance tasks through analysis of the interfaces
in relation to required goals;
— evaluation of potential human errors at the interfaces during operation and maintenance, their
causes and consequences;
— evaluation of performance shaping factors for these tasks (factors which increase the chance of
error or of success);
— initiation of modifications to reduce the chance of human errors and their consequences and
improve human performance to identify and recover unwanted deviations and unsafe conditions.
84 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Reference can be made to API Publication 770:2001, ISO/TR 12489:2013, ISO 14224:2016,
IEC 62508:2010 and Reference[69].
I.11 Software reliability
Software systems are likely to contain faults due to human error in design and development, and these
faults can give rise to failures during operation. The improved reliability of hardware components, and
of electronic components in particular, can reduce the contribution of hardware unreliability to system
failure. Hence, systematic failures due to software error can frequently become the predominant cause
of failure in programmable systems.
In analysing a system containing software components, the block diagram technique, FMECA (see
Clause I.2) or the fault tree analysis (see Clause I.3) can both be applied to take account of the effects
of a software failure on the system behaviour. This is useful for identifying software components that
are critical to the function of the system. For these methods to be applied quantitatively, it is necessary
to measure the reliability of the software components. Faults in software systems have unique
characteristics in the manner in which the failures have occurred, as described as follows:
— the faults are latent within the software from the start and are hidden;
— all identical software has the same faults;
— once a fault is detected and successfully repaired, it does not occur again;
— extensive testing can eliminate many software faults;
— software should be developed, designed, tested and used with the same kind of hardware (i.e.
change of hardware can activate latent faults within the software);
— interdependencies between software products may require that the probability of systemic failures
(see ISO/TR 12489:2013, 3.2.8) are considered.
For further description of software reliability, reference can be made to IEC 61508-3:2010,
IEC 62628:2012 and IEC 60300-3-15:2009.
I.12 Dependent, common cause and common mode failures
The classical equations used to calculate system reliability from component reliability assume that the
failures are independent. Some dependent and common cause failures can occur that lead to system
performance degradation or failure through simultaneous deficiency in several system components
due to internal or external causes. External causes can include human or environmental problems
while internal causes are generally associated with hardware.
Production performance (e.g. production availability or system availability) predictions should include
an evaluation of how dependent, common cause and/or common mode failures are handled.
See further ISO 14224:2016, Annex C.1.5 to C.1.7 and ISO/TR 12489:2013, Annex G. Systematic
failures (see ISO/TR 12489:2013, 3.2.17 and IEC 60050-192:2015, 192-03-10) are described in ISO/
TR 12489:2013, Figure B.5.
I.13 Life data analysis
Life data analysis is used to fit the life data (failure data) to a particular distribution. It is then possible
to use the known characteristics of the distribution to gain a more complete understanding of the
failure behaviour of the item. Many distributions are available, and one can be more suitable to model a
particular data set than another.
NOTE 1 The choice of the most appropriate distribution usually requires prior knowledge of the operative
failure regime.
© ISO 2018 – All rights reserved 85
ISO 20815:2018(E)
NOTE 2 Further description of life data analysis can be found in ISO 14224:2016, Annex C.
NOTE 3 Only Monte-Carlo simulation is able to handle all probabilistic distributions.
I.14 Reliability-centred maintenance analysis
In a reliability-centred maintenance (RCM) analysis that has proposed to establish the (preventive)
maintenance programme in a systematic way, the following steps are normally covered:
— functionality analysis, which defines the main functions of the system/equipment/barriers;
— assessment of the equipment failure modes and their frequency (for which FMECA can be used);
— identification of the failure causes and the failure mechanisms for critical failure modes (see also
ISO 14224:2016, F.1, where the term “critical” with respect to equipment function versus safety
function is described);
— selection of maintenance type based on failure impact, the failure frequency, the maintenance
cost, etc.
The RCM process should be updated throughout the life cycle in conjunction with revisions of the
maintenance programme, also using relevant historic equipment reliability data as well as verifying
previous analyses and assessments.
Valid production performance analysis information used in early project phases should be fed into
the RCM process, when appropriate, to enable consistency and interaction between the two studies.
Coordination of reliability data utilized in the two studies should be ensured. Similarly, the “living”
RCM study information should be consulted when production assurance and reliability analyses are
updated during operational stages.
For various issues related to RCM, reference can be made to IEC 60300-3-11:2009 and NORSOK Z
-008:2017.
I.15 Risk-based inspection analysis
Risk-based inspection analysis (RBI) is a methodology which aims at establishing an inspection
programme based on the aspects of probability and consequence of a failure. The methodology combines
production assurance and risk-analysis work and is typically applied to static process equipment (e.g.
piping, pressure vessels and valve bodies). The failure mode of concern is normally loss of containment.
Interactions between RBI, RCM, production assurance, availability and risk analyses are important to
ensure consistency in relevant failure rates and associated down time patterns for equipment covered
in these analyses. Experience using RBI undertaken in the operating phases may also be utilized in
connection with production performance analysis of design alternatives in the planning stages as well
as in early maintenance planning.
For further description of RBI, reference can be made to various industry standards, including:
— API RP 580:2016 provides guidance for developing RBI programs on fixed equipment in e.g. upstream
and midstream oil and gas production facilities, downstream (i.e. refining) and petrochemical
facilities;
— DNVGL-RP-G101:2017 focusses on offshore (topside static mechanical equipment);
— DNVGL-RP-F206:2008 covers risers;
— DNVGL-RP-F116:2017 covers subsea flowline and pipeline systems;
— DNVGL-RP-0002:2016 addresses subsea production systems;
— NORSOK Z-008:2017 addresses RBI analyses depending on type of item.
86 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
I.16 Test interval optimization
Safety and production equipment will, as defined in the associated PM programme, be subject to testing
and inspection, and periodic testing; see Figure 6 in ISO 14224:2016 and NORSOK Z-008:2017. The
objective of such tests is to ensure the safety and production performance objectives and requirements
are met.
In order to comply with acceptance criteria and/or more specific requirements, as is the case with
safety systems (e.g. barriers), testing at certain test intervals is necessary. Frequent testing normally
leads to high availability of the tested function when the test coverage is adequate (by test coverage is
meant the relevance of the tests, i.e. the likelihood of revealing a hidden failure during a periodic test).
However, testing can be expensive and can in specific cases deteriorate the system (e.g. pressure testing
of valves) and even introduce additional failures to the system. Also, testing can lead to production
down time (e.g. adding full stroking tests on a given safety valve).
Based on a system analysis, the test interval for both components and the system in general can be
optimized with respect to the specified acceptance criteria/requirements and associated cost (i.e.
direct costs like CAPEX and indirect costs like OPEX and additional production loss). The component
condition after testing (i.e. good-as-new or bad-as-old) should be clearly stated. The test interval
optimization should also be based on operational considerations (e.g. number and variation of items to
be tested as this could include a mix of old and new items).
Analysis approaches and statistical methods for the execution of such optimization analyses can be
found in ISO 14224:2016, Annex C.6. See also guidance on reliability modelling and calculation of safety
systems in ISO/TR 12489:2013. Reference can also be made to NORSOK Z-008:2017.
I.17 Spare parts optimization
A summary of spare-parts optimization is given in Table I.7. Spare-parts optimization can be done by
using optimization algorithms (e.g. genetic algorithms, ant colony) on the production availability model.
Table I.7 — Spare parts optimization
Analysis elements Summary
Analysis description Spare-parts optimization is based on operational research and selected reliability methods
and can either be analytical or use simulations. The optimization process aims at balancing
the cost of holding spare parts against the probability and cost of a spare-part shortage.
Objective of analysis Optimize spare parts storage in terms of:
— initial quantity of spare parts;
— reorder point;
— replenishment quantity;
— stock allocation (nominal).
Reference to existing IEC 60300-3-14.2004
standards
IEC 62550:2017
Overall need for The following data are required:
information — demand rates, unit prices and criticality for defined spare parts;
— work breakdown structure (configuration);
— turn-around times, repair fractions, lead times;
— supply links, transportation times, storage and re-supply costs.
In conjunction with reliability management, obsolescence management can also be important to
address (see IEC 62402:2007).
© ISO 2018 – All rights reserved 87
ISO 20815:2018(E)
I.18 Methods of structural reliability analysis
Structural reliability analysis (SRA) is a probabilistic methodology for determining limit state failure
probabilities. The basic variables represent causal mechanisms related to load and strength that can
give rise to the “system failure” event. The limit function is based on physical models. Methods of SRA
are used to calculate the probability and to study the sensitivity of the failure probability to variations
of the parameters in the calculation. Simulation is often used, but is a very time-consuming technique
in cases of small probabilities.
Methods of SRA are tools for calculating probability. Thus, the models used in this type of analysis
are related to other reliability models, like lifetime models for mechanic and electronic equipment,
reliability models for software, availability models for supply systems and models for calculating the
reliability of human actions. All models of this kind can be used to calculate single probabilities that
are input into different methods used in risk and production performance analyses, such as for the
basic events in fault tree and RBD analyses. A special feature of methods of SRA is that the influence
from several random variables and failure modes can be taken into account in a single analysis. Thus,
using methods of SRA, the splitting of events into detailed sub-events is often not necessary to the same
extent as in, for example, FTA.
SRA is a procedure for the determination of the level of safety against failure of a structure or structural
component; see further information on such analysis in ISO 19900:2013 and ISO 2394:2015. The
reliability analysis of offshore structures will also need to utilise relevant metocean data as described
in ISO 19901-1:2015.
Reliability-based limit state design methods for pipeline design are described in ISO 13623:2017, and
can be used for pipeline integrity management.
I.19 Life cycle cost analysis
Production assurance predictions are an important input parameter into life cycle cost analysis (LCC)
evaluations. LCC evaluations are normally performed to select between two or more alternatives.
The evaluations may include parts or whole facilities. The format of the input should be suitable to
calculate the LOSTREV as part of the production performance analysis, whilst CAPEX and OPEX are
normally covered in the overall LCC analysis. It should be recognized that OPEX includes the corrective
maintenance cost (workload, spares, logistics and other resource consumption) that can be estimated
from the production performance analysis outlined in this document.
Each alternative should be presented with the appropriate production performance measures as a
percentage of planned production. If production performance varies with time, performance measures
should be presented as a function of time (one figure for each year of the field life). The related reference
level profile should also be presented so that the production loss, and hence the LOSTREV, can easily
be calculated. It is important to clarify the assumptions, in each case, whether, and if so when, the
production loss can be recovered.
Unless the LCC evaluations aim at predicting the total LCC, the production performance input can be
limited to the differences between the alternatives. The production performance input should include
relevant figures for oil production, gas export and other as required.
The LCC analysis is applicable for comparison purposes, and may give input to overall project economic
analysis not covered in this document, but Figure 2 can be useful for such relationships.
Reference can be made to ISO 19008:2016, ISO 15663:2001 (all parts) and IEC 60300-3-3:2017.
I.20 Risk and emergency preparedness analyses
Risk and emergency preparedness analyses link many aspects of reliability and production assurance
with safety and environmental issues. A risk analysis in accordance with ISO 17776:2016 and an
88 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
emergency preparedness analysis in accordance with ISO 15544:2000 are examples of such analyses.
Specifically, the interfaces to a risk and emergency preparedness analysis are as follows:
— Input to a risk analysis and an emergency preparedness analysis in terms of reliability of safety
systems (fire water system, fire and gas detection system, ESD system); such individual system
analyses can be a part of the overall production performance analysis.
— Risk and emergency preparedness analyses can impose reliability requirements on certain
equipment, typically safety systems. See also Clause F.4.
— Risk and emergency preparedness analyses can impose requirements to equipment configuration
that affect production assurance.
— Production can be made unavailable due to major accidents (see D.3.6 and Annex H).
EXAMPLE Manning levels, logistics and equipment test strategies.
— Coordination of study assumptions and data in risk and emergency preparedness analyses and
production performance analyses is recommended.
— Barrier issues (see ISO 17776:2016, 3.1.1 and Reference[70]).
In addition, as part of maintenance, plans for periodic test (ISO 14224:2016, 3.74 and Figure 6) should
be established to ensure that there are no hidden failures which would prevent a system needed for
emergency response achieving the essential functions and reliability targets given in the functional
requirements. On some installations, a risk-based approach is used to determine the inspection
and testing requirements. In this case, the inspection and testing frequencies will be developed for
individual installations.
ISO 35103:2017 addresses environmental monitoring for Arctic operations and can be relevant when
undertaking quality and reliability considerations of performance of environmental monitoring
systems.
I.21 Technology maturity assessment
I.21.1 General
Technology qualification processes (see Process 8 in Clause C.3) will require technology maturity
assessment that make use of technology readiness level (TRL) or technology novelty category (TNC).
I.21.2 Technology readiness level
TRL describes the development stages in the qualification process and the degree of testing that is
required to reach each stage. See Table I.8. For a project, technology qualification may start at any point
in the TRL scale depending on its maturity and project technology qualification basis.
The primary purpose of the TRL is to provide objective criteria for assessment of maturity of evolving
technologies and assist in making decisions concerning the development and implementation of
technology. The TRL system provides a common understanding and terminology of technology status
and assists in risk management related to use of technology.
Company considerations can apply for how to rely on externally qualified technology (TRL 4) or develop
this on own basis. Specific approaches may be defined with respect to how such externally qualified
technology is taken from TRL 4 to TRL 7 by application by the company.
If a technology consists of several components, the TRL for the overall technology/system is based
on the component with the lowest TRL or an overall evaluation of the TRL. Uncertainty regarding
interaction between components can lead to a lower TRL for the system than for the component with
lowest TRL.
© ISO 2018 – All rights reserved 89
ISO 20815:2018(E)
Table I.8 — Technology readiness levels for technology development and qualification
Level Development stage TRL description
TRL 0 Unproven idea/pro- Paper concept. No analysis or testing has been performed.
posal
TRL 1 Concept demonstrated Basic functionality demonstrated by analysis, reference to features
shared with existing technology or through testing on individual
subcomponents/ subsystems. Should show that the technology is
likely to meet specified objectives with additional testing.
TRL 2 Concept validated Concept design or novel features of design validated through model
or small scale testing in laboratory environment.
Should show that the technology can meet specified acceptance
criteria with additional testing.
TRL 3 New technology tested First version of technology built, and functionality demonstrated
through testing over a limited range of operating conditions. These
tests may be done on a scaled version, if scalable. If the technology
is tested as a small-scale version, it is important that the scale
effects compared to a large-scale version are sufficiently well
understood and predicted.
TRL 4 Technology qualified Large scale version of technology built, and technology qualified for
for first use use within specified operating conditions/limits, through testing
in intended environment, simulated or actual. The new technology
is now ready for first use. If the technology is qualified as a large-
scale version, it is important that the scale effects compared to a
full-scale version are sufficiently well understood and predicted.
TRL 5 Technology integra- Full-scale technology built and integrated into the environment
tion tested where it is intended to operate, with full interface and function-
ality tests.
TRL 6 Technology in opera- Full-scale technology built and integrated into the environment
tion where it is intended to operate, with full interface and functionality
tests. The technology has operated in accordance with predefined
performance criteria over a limited period of time.
TRL 7 Proven technology The technology has operated in accordance with predefined per-
formance and reliability criteria, over a period of time sufficient
to reveal time-related effects. Required duration of operation is
one of the pre-defined criteria. The technology is now proven for
use within specified operating conditions/limits.
I.21.3 Technology novelty category
New technology is typically evolved from existing (sometimes proven) technologies. Normally only
some elements of the technology are novel. Uncertainty is associated mainly with the novel elements.
Both the novelty of the technology itself and its application area affect the overall uncertainty associated
with the technology. Decomposition of the technology is a way of identifying and isolating the novel
elements. A change in any of the elements of existing technology (parts, functions, processes etc.) will
lead to increased uncertainty. The technology categorization shown in Table I.9 is used to assess the
degree of step-out from existing technology and to direct the qualification efforts by focusing on the
novel elements contributing most to uncertainty.
“Application area” in Table I.9 refers to the operating conditions, environment or purpose for which the
technology will be used. Only knowledge and experience that is documented and accessible, either from
in-house or external sources, should be accounted for in the novelty categorization. See also Table I.10.
90 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
Table I.9 — Technology novelty categorization
Degree of technology noveltya
Application area No new technical Technical elements with New technical elements
elements limited industry history with no industry history
Known 1 or 2a 2c 3
New 2b or 2c 3 4
a Table I.9 provides an explanation of different technology novelty categories.
Table I.10 — Technology maturity and typical qualification need for different technology
novelty categories
Category Technology statusa Description Way forward TRL
1 Proven for use No new technical elements, and No qualification required. The 7
known area of application. The tech- technology is ready for broad ap-
nology has reached TRL 7 through plication in company.
application in the company.
2a New - Qualified by No new technical elements, and No qualification required. The 4
company known area of application for com- technology is ready for first ap-
pany. Technology has been qualified plication in company.
for actual application by company.
Technology can have been applied
by others, but not by the company.
2b New - Qualified by Some new uncertainties due to If TRL 4 is verified, then no quali- 4 or
others new application area for the com- fication required. The technology <4
pany. Application area is known to, is then ready for first application
and technology has been qualified in company.
by others.
2c New - Unqualified Some new uncertainties due to Technology qualification will be <4
either technical elements with required. Low-to-medium risk to
limited industry history, or new reach TRL 4.
application area for the industry.
3 New - Unqualified Significant new uncertainties due Technology qualification will be re- <4
to either new technical elements, quired. Medium risk to reach TRL 4.
or new application area.
4 New - Unqualified Large new uncertainties due to Technology qualification will be <4
new technical elements, and new required. High risk. Demanding
application area. qualification expected, should have
focus and attention.
a New technology: Technology that is not proven in use, i.e. technology that has not reached TRL 7 through application in
the company.
I.22 Markov process analysis
A summary of the Markov process analysis (MPA) is given in Table I.11.
© ISO 2018 – All rights reserved 91
ISO 20815:2018(E)
Table I.11 — Markov process analysis
Analysis elements Summary
Analysis description MPA is a graphical model representing the behaviour of a system that jumps from state
to state all along its life and allowing probabilistic calculations (reliability, availability,
production availability).
Objective of analysis There are several objectives:
— build a diagram (Markov graph) representing visually the behaviour of the whole
system under study and defining an underlying set of differential equations
allowing probabilistic calculations;
— compute the (un)reliability and the pointwise (un)availability of the system
under study;
— compute the steady-state (un)availability of the whole system under study;
— compute the mean (un)availability or production (un)availability of the system
under study over a given period;
— identify the shortest and/or the most probable sequences of event (scenarios)
starting from the perfect state and leading to the fully failed state;
— compute the expected requirement for spare parts and repair resources during the
system’s lifetime.
Reference to existing IEC 61165:2006
standards
Overall need for A Markov diagram represents a set of linear differential equations allowing the calcula-
information tion of the probability that the system is in a given state at a given time. The inputs are
data defining the transition rates and the relationships among the various states, such as:
— failure rates, repair rates of individual components;
— common-cause failures rates;
— logistic delays (transformed into equivalent transition rates);
— probabilities of failure upon demand (e.g. fail to start).
Operation and maintenance philosophies are also included as inputs having an impact
on the structure of graph itself, or on the transition rates (e.g. simultaneous repair of
several components for a single transition).
Notes NOTE 1 Beyond probabilities, MPA allows the computation of the mean cumulated times
spent in each state. This allows closure of the gap between reliability/availability calcula-
tions and production availability calculations.
NOTE 2 The main problem with MPA is the exponential increase in the number of possible
states, which restricts this method to small systems.
NOTE 3 Classical MPA is a process without “memory,” i.e. the future doesn't depend on
the past. When this is not the case, it is necessary to use “semi-Markov” processes and
analytical calculations become very difficult.
NOTE 4 When components are independent the Markovian approach can be mixed with:
— reliability block diagrams (RBD driven Markov processes) where small Markov
processes are used to model the boxes of the RBD and where the RBD provides the
logic linking of the boxes (see IEC 61078:2016);
— fault trees (FT driven Markov processes) where small Markov processes are used to
model the leaves of the FT, and where the FT provides the logic linking of the leaves
(see ISO/TR 12489:2013).
NOTE 5 This allows to build Markov models for large systems and prevent the combinato-
rial explosion of the number of states.
92 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
I.23 Bayesian belief network
A summary of the Bayesian belief network (BBN) and its use in reliability management/decision
optimisation is given in Table I.12.
Table I.12 — Bayesian belief network
Analysis elements Summary
Analysis description Bayesian belief networks (BBN) are probabilistic directed acyclic graphical models, which
consist of a set of interconnected nodes, where each node represents a random variable
(discrete or continuous) and the connecting arcs represent the causal relationships be-
tween these variables. The relationships between nodes are captured via conditional
probability tables (Boolean and multinomial) whereby marginal distributions are derived
in accordance with Bayes rule.
BBN’s can be extended to influence diagrams with the addition of decision and utility
nodes whereby multi attribute decision making can be performed through the applica-
tion of utility theory.
Objective of analysis The purpose of the BBN is to build a multi-attribute logic model which represents all
possible combinations of states/values of random variables over their joint expected
outcome. The output of the BBN are marginal distributions, which in turn can provide
direct reliability analyses.
Generally, BBN’s utilize algorithms (cliques and subsets) to compute marginal distributions
which can be subsequently updated via Bayesian learning (prior to posterior distributions)
or through the application of findings/evidence (message passing). Complex BBN can be
considered Markovian blankets.
Reference to existing None
standards
Overall need for Similar as for fault tree analysis (see Table I.2).
information
Notes Output from BBN can be applied to FTA/RBD processes where probability of state is to
be considered.
I.24 Life time extension analysis
A summary of the life time extension analysis is given in Table I.13.
Table I.13 — Life time extension (LTE) analysis
Analysis elements Summary
Analysis description Life time extension analysis consists of different methods to analyse what is the effects
of extending life time beyond the original design lifetime. This may include probabilistic
assessments of the structural integrity based on updated conditions and equipment status,
to assess what is the potential impact of “old age” on functionality and safety.
Objective of analysis The purpose of the life time extension analysis is to ensure safe and reliable operation of
beyond the original design lifetime. This includes assessment of whether the extension is
achieved with an acceptable safety level.
Reference to existing — Norwegian Oil and Gas recommended guideline No. 122 (Reference[73])
standards
— NORSOK Y-002:2010
— NORSOK U-009:2011
— Oil & Gas UK HS073 (Reference[74])
Overall need for Similar to other analyses described in this annex, and generally a need to use plant-specific
information equipment performance data and conditions of the facilities to be extended.
Notes Output from life time extension analysis may be applied to understand the effect of life
time extension on production assurance, and form basis for business decisions.
© ISO 2018 – All rights reserved 93
ISO 20815:2018(E)
I.25 Analysis on weather influence on production performance
Metocean data (as defined in ISO 19901-1:2015) can be needed to use in conjunction with production
availability analyses, such as:
— seasonal or weather impact on subsea interventions;
— winterization issues;
— ice management;
— offshore or inshore offloading to/from shuttle tankers;
— spurious shutdowns of floating units due to sea motions, and;
— potential increase of logistic delays.
Analysis of weather statistics can often make use of time-series analysis.
ISO 35106:2017 and NORSOK N-003:2017 contains relevant information on metocean data that should
be taken into account in production performance analysis.
Statistical weather evaluation is also important in operational planning and combined with equipment
reliability performance (e.g. safely aborted operations, weather window for marine installation,
interventions, etc.). ISO 35101:2017 is also relevant with respect to work environment in arctic regions,
which requires risk and reliability management attention.
I.26 Loading performance analysis
Separate analysis approaches can be needed to analyse offloading performance (e.g. logistics of shuttle
tankers), offshore storage optimization (e.g. size and concept) and inshore harbour facility/operations
(lifting arm operations to/from ships). Such analysis can use some of the analysis techniques mentioned
in this annex (see I.5.2) or possibly combined with time-series analysis to reflect weather influences
(see Clause I.25).
The following special performance measures apply for offshore and onshore loading systems (and
supplements measures in Clause G.1):
a) Loading performance measures: Loading availability, the number of successful loading operations,
demurrage/excess of field time or other specific measurements are used to express such loading
performance.
b) Loading availability: The terminal’s and shuttle tanker’s ability to perform loading operations
under given conditions and time-frames. This ability is expressed as the proportion of time(s) the
item is in the functioning state.
c) Jetty utilisation (allocated): The time where the jetty is allocated to a vessel. This includes “time
at jetty” and the time used for inward and outward passage when the jetty is not available for
other ships.
d) Safety buffer: The time taken for the storage tank to reach full storage from a given level, at a
given production rate. In the loading performance analyses, the safety buffer is used to indicate
the required time of connection of the shuttle tanker to the storage unit, to avoid full storage and
consequently production losses.
e) Demurrage time: Demurrage time is the difference between the tanker’s actual lay time and agreed
(contractual) lay time. If actual lay time exceeds agreed lay time, then a demurrage cost accrues.
Actual lay time does not begin until the arrival window starts, if the tanker arrives before the
agreed arrival window, likewise if the tanker arrives late, the actual lay time does not commence
until the tanker has berthed.
94 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
f) Berthing operations: The time required for jetty configuration to become available for the loading of
specified vessels and cargo. This time also includes berthing delays due to operational limitations,
e.g. adverse wind or sea states.
© ISO 2018 – All rights reserved 95
ISO 20815:2018(E)
Bibliography
[1] ISO 2394:2015, General principles on reliability for structures
[2] ISO 9000:2015, Quality management systems — Fundamentals and vocabulary
[3] ISO 9001:2015, Quality management systems — Requirements
[4] ISO 13623:2017, Petroleum and natural gas industries — Pipeline transportation systems
[5] ISO 13702:2015, Petroleum and natural gas industries — Control and mitigation of fires and
explosions on offshore production installations — Requirements and guidelines
[6] ISO 15544:2000/Amd 1:2009, Petroleum and natural gas industries — Offshore production
installations — Requirements and guidelines for emergency response
[7] ISO 15663-1:2000, Petroleum and natural gas industries — Life cycle costing — Part 1: Methodology
[8] ISO 15663-2:2001, Petroleum and natural gas industries — Life-cycle costing — Part 2: Guidance
on application of methodology and calculation methods
[9] ISO 15663-3:2001, Petroleum and natural gas industries — Life-cycle costing — Part 3:
Implementation guidelines
[10] ISO 16530-1:2017, Petroleum and natural gas industries — Well integrity — Part 1: Life cycle
governance
[11] ISO 17776:2016, Petroleum and natural gas industries — Offshore production installations —
Major accident hazard management during the design of new installations
[12] ISO 19008:2016, Standard cost coding system for oil and gas production and processing facilities
[13] ISO 19900:—1), Petroleum and natural gas industries — General requirements for offshore
structures
[14] ISO 19901-1:2015, Petroleum and natural gas industries — Specific requirements for offshore
structures — Part 1: Metocean design and operating considerations
[15] ISO 19901-7:2013, Petroleum and natural gas industries — Specific requirements for offshore
structures — Part 7: Stationkeeping systems for floating offshore structures and mobile offshore units
[16] ISO 22300:2012, Societal security — Terminology
[17] ISO/TS 29001:2010, Petroleum, petrochemical and natural gas industries — Sector-specific quality
management systems— Requirements for product and service supply organizations
[18] ISO 31000:2018, Risk management — Guidelines
[19] ISO 35101:2017, Petroleum and natural gas industries — Arctic operations — Working environment
[20] ISO 35103:2017, Petroleum and natural gas industries — Arctic operations — Environmental
monitoring
[21] ISO 35106:2017, Petroleum and natural gas industries — Arctic operations — Metocean, ice, and
seabed data
[22] ISO/IEC Guide 51:2014, Safety aspects — Guidelines for their inclusion in standards
[23] ISO Guide 73:2009, Risk management — Vocabulary
1) To be published (revises ISO 19900:2013). Stage at time of publication ISO/DIS 19900:2018.
96 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
[24] ISO/TR 12489:2013, Petroleum, petrochemical and natural gas industries — Reliability modelling
and calculation of safety systems
[25] IEC 31010:2009, Risk management — Risk assessment techniques
[26] IEC 60050-192:2015, International electrotechnical vocabulary — Part 192: Dependability
[27] IEC 60300-1:2014, Dependability management — Part 1: Guidance for management and application
[28] IEC 60300-3:2017, Dependability management — Part 3 (all sections): Application guide
[29] IEC 60300-3-2:2004, Dependability management — Part 3-2: Application guide — Collection of
dependability data from the field
[30] IEC 60300-3-3:2017, Dependability management — Part 3-3: Application guide — Life cycle costing
[31] IEC 60300-3-4:2007, Dependability management — Part 3-4: Application guide — Guide to the
specification of dependability requirements
[32] IEC 60300-3-11:2009, Application guide — Reliability centred maintenance
[33] IEC 60300-3-14:2004, Dependability management — Part 3-14: Application guide — Maintenance
and maintenance support
[34] IEC 60300-3-15:2009, Dependability management — Part 3-15: Application guide — Engineering
of system dependability
[35] IEC 60812:2006, Analysis techniques for system reliability — Procedure for failure mode and effects
analysis (FMEA)
[36] IEC 61025:2006, Fault tree analysis (FTA)
[37] IEC 61078:2016, Reliability block diagrams
[38] IEC 61123:1991, Reliability testing — Compliance test plans for success ratio
[39] IEC 61160:2015, Design review
[40] IEC 61163-1:2006, Reliability stress screening — Part 1: Repairable assemblies manufactured in lots
[41] IEC 61163-2:1998, Reliability stress screening — Part 2: Electronic Components
[42] IEC 61164:2004, Reliability growth — Statistical test and estimation methods
[43] IEC 61165:2006, Application of Markov techniques
[44] IEC 61508:2010, (all parts), Functional safety of electrical/electronic/programmable electronic
safety-related systems
[45] IEC 61511-1:2016, Functional safety — Safety instrumented systems for the process industry sector
— Part 1: Framework, definitions, system, hardware and application programming requirements
[46] IEC 61882:2016, Hazard and operability studies (HAZOP studies) — Application guide
[47] IEC 62402:2007, Obsolescence management — Application guide
[48] IEC 62508:2010, Guidance on human dependability
[49] IEC 62550:2017, Spare parts provisioning
[50] IEC 62551:2012, Analysis techniques for dependability — Petri net techniques
[51] IEC 62628:2012, Guidance on software aspects of dependability
© ISO 2018 – All rights reserved 97
ISO 20815:2018(E)
[52] Publication API 770, A Manager’s Guide to Reducing Human Errors Improving Human
Performance in the Process Industries, March 2001
[53] API RP 17N, Subsea Production System Reliability, Technical Risk, and Integrity Management,
Second Edition, June 2017
[54] API RP 580, Risk-Based Inspection, Third Edition, February 2016
[55] BS 5760-2:1994, Reliability of systems, equipment and components — Guide to the assessment of
reliability
[56] EN 13306:2017, Maintenance — Maintenance terminology
[57] NORSOK N-003, Actions and action effects, January 2017
[58] NORSOK U-009, Life Extension for Subsea Systems, March 2011
[59] NORSOK Y-002, Life Extension for Transportation Systems, December 2010
[60] NORSOK Z-008, Risk based maintenance and consequence classification, Rev. 4, December 2017
[61] NORSOK Z-013, Risk and emergency preparedness assessment, Rev. 3, October 2010
[62] DNVGL-RP-0002. Integrity management of subsea production systems, November 2016
[63] DNVGL-RP-A203. Technology qualification, June 2017
[64] DNVGL-RP-F116. Integrity management of submarine pipeline systems, May 2017
[65] DNVGL-RP-F206. Riser integrity management, April 2008
[66] DNVGL-RP-G101. Risk based inspection of offshore topsides static mechanical equipment,
August 2017
[67] DNVGL-ST-F101. Submarine pipeline systems, October 2017
[68] MIL-STD-1629A, Military standard: Procedures for Performing a Failure Mode and Effect Analysis,
August 1998
[69] International Association of Oil and Gas Producers. Report No. 434 – 5: OGP Risk
Assessment Data Directory, Human Factors in QRA, March 2010
[70] International Association of Oil and Gas Producers. Report No. 544: Standardisation of
barrier definitions – Supplement to Report 415, April 2016
[71] Institute of Environmental Sciences and Technology. IEST-RP-PR003:2012: HALT AND HASS,
September 2012
[72] Norwegian Oil and Gas Association. Guideline 070: Application of IEC 61508 and IEC 61511 in
the Norwegian petroleum industry (recommended SIL requirements), June 2018
[73] Norwegian Oil and Gas Association. 122 - Norwegian Oil and Gas recommended guidelines for
the management of life extension, August 2017
[74] Oil & Gas UK. HS073: Guidance on the Management of Ageing and Life Extension for UKCS Oil
and Gas Installations, Issue 1, April 2012
[75] AVEN. T., ØSTEBØ, R., 1986. Two new component importance measures for a flow network
system. Reliability Engineering 14, pp.75-80
[76] BIRNBAUM. Z.W. 1969. On the importance of different components in a multicomponent system.
Krishnaiah, P.R. (Ed.), Multivariate analysis II, Academic Press, New York ( 1969), pp. 581-592
98 © ISO 2018 – All rights reserved
ISO 20815:2018(E)
[77] COMER. P.J., ØSTEBØ, R. 1986. A Drillers’ HAZOP Method, SPE 15867, SPE European Petroleum
Conference, London, October 1986
[78] ISAKSEN. S. 2009. New insight into measures of component importance, In: Martorell, S.,
Guedes Soares, C. & Barnett, J. (eds.), Safety, Reliability and Risk Analysis: Theory, Methods and
Applications. CRC Press. Volume 2, pp. 1891 – 1899
[79] KIRWAN. B. A guide to practical human reliability assessment. Taylor & Francis, UK, 1994
[80 KLETZ. T.A. Hazop and Hazan, Fourth Edition, IchemE, UK, 1999
[81] NELSON. W. Accelerated Testing: Statistical Models, Test Plans, and Data Analysis, John Wiley &
Sons, Inc., Hoboken, NJ, USA, 1990
[82] REASON, J. Human Error. Cambridge University Press, UK, 1990
[83] SELVIK. J.T., AVEN, T. 2011. A framework for reliability and risk centered maintenance. Reliab.
Eng. Syst. Saf. 2011, 96 (2) pp. 324–331
© ISO 2018 – All rights reserved 99
ISO 20815:2018(E)
ICS 75.180.01; 75.200
Price based on 99 pages
© ISO 2018 – All rights reserved