Project Overview

CRA were tasked by a client to perform a reliability assessment of the chloride ingress protection system installed at their power plant to confirm it met the latest safety requirements.


At power plants, chlorides, usually in the form of seawater, can cause significant damage to the stainless steel sections of boilers due to a process known as stress corrosion cracking. Since seawater is often used to cool the condenser that supplies the boilers, there is a risk of a chloride ingress event if there is a condenser tube leakage. Chloride ingress protection systems are used to identify such an event and automatically isolate the feed to the boilers if it should occur.


The protection system consists of three probes measuring conductivity levels in the water to the boilers. Each probe is connected to an individual conductivity monitors that compares the conductivity levels in the water against a set trip-point. Signals are sent to close the isolation valves if two-out-of-three (2oo3) conductivity monitors detect high levels of conductivity (due to a chloride ingress event).

simplified representation of the system

Project Scope

The process in the diagram below was used to calculate the overall reliability of the system.
These steps are described in more detail below:

CRA organised and chaired a Failure Modes and Effects Analysis (FMEA) workshop with the client’s system engineers. This identified the key failure modes and their effects on the overall system. The output of the workshop was used to develop a fault tree representing the system. For this particular project, CRA developed the fault trees using RiskSpectrum software.

Component failure data was added to the fault tree models to allow the quantification of the system reliability. Fault Tree Analysis (FTA) is a commonly used method of reliability assessment and is prescribed in a number of safety/dependability standards, such as IEC 61508. The method itself is formally defined in IEC 61025.

This data was based on operational experience data and generic data. In addition, Common Cause Failure (CCF) assessments were carried out on the redundant components in the system and represented in the model.


Diagram of the process

Client Benefits

  • The assessment identified that the reliability target taken from the safety requirements would not be met using the current system configuration. Our review of the results highlighted the importance of the CCF of the redundant trip channels.
  • Sensitivity studies were carried out to investigate several different options to improve the system reliability and a number of recommendations were provided to the client organisation.
  • The system was modified following this assessment and CRA performed further studies on the updated configuration to confirm that the changes met the requirements.

Workers in Hi-vis jackets and helmets

Related Pages

Ark Data Centres

read more

Failure Modes, Effects, and Diagnostic Analysis (FMEDA) for Emerson CT5800 Continuous Gas Analyser

read more

Independent Technical Assessment (ITA)

read more

NNB HPC, Electrical and Hazards Safety Case Support

read more

Safety Case Production and Technical Support

read more

Get in touch