Modelling and Improving Safety in Production System Design: Overall Approach and by Features, a Case Study

Enhancing the safety of any production system is an important concern in industry today, since it greatly reduces losses of resources. Moreover, safety protects the health of the workers and provides a risk-free environment. Most industries integrate safety during the useful life or the maintenance of their production systems. This approach is costly, sometimes requires the destruction of the existing system, and is therefore inappropriate. A better solution is to consider safety in the process design of the production system installation. To this end, this work proposes a probabilistic model of technical safety, a modelling by Safety Features (SaF), and a step-by-step methodology for designing safe production systems. For this approach to be effective, both proactive and reactive information are needed, and Safety Features (SaF) serve as tools to support the safety actors' view in collaborative design communication. A case study in a hydroelectric power dam in Cameroon is presented for illustration.


Introduction
Design is the synthesis, the putting together, of ideas to achieve a desired purpose [1]. The design process does not only consider the final purpose but equally looks at other important aspects amongst which is safety. Safety is defined as freedom from those conditions that can cause death, injury, occupational illness, damage or loss of equipment or property, or damage to the environment [2].
Reference [3] makes it clear that design errors are the cause of 20 to 60 percent of the accidents on installations. These errors are more frequent in new designs, since only proactive information is available and there is still a gap between the designer's view and the user's view, which equally needs to be considered in the design process. To correct the errors or reduce the associated risk, users carry out modifications on the system, which is costly and can be destructive.
To solve this problem of cost and destruction, the modifications made by users can be integrated in the upcoming design process in the form of Safety Features (SaF). This is based on the fact that design is the first stage in a production system's development, so design offers the earliest, and hopefully the cheapest, place to intervene and get it right. The design process then becomes both proactive, projecting new designs into their future use situations, and reactive, feeding back experience from the use of earlier designs. In other words, it needs to incorporate both explicit and implicit modalities [4].
In this light, the specific objectives set to fulfill the global objective above are: a -Modelling of Safety Features (SaF) (description, taxonomy or classification, identification or list, and characterization of SaF); b -Integration of safety in design (representation of the design feedback process and establishment of a procedure which can be followed to integrate safety in design, based on risk assessment and evaluation of existing machines).
To achieve the objectives, this work will begin with a literature review on manufacturing features, engineering design and safety which will be closely followed by a description of materials and methods used. Then the results obtained will be presented, discussed and illustrated in a System Safety Installation (SSI) designed in a hydroelectric dam.

Manufacturing Features
Different authors define manufacturing features in different ways. Reference [5] says a manufacturing feature should be understood as a professional term which has attributes of form and function, and whose name and meaning can be associated with a specific geometrical form, topological relation, drawing expression, manufacturing technology and tolerance demand. Reference [6] adds to this definition by specifying that a manufacturing feature is defined by a specific syntax and contains data such as its mathematical representation; its classification, which can be either protrusion or depression; its orientation with respect to other features or to a user-defined coordinate system; and its geometric and topological structure. The tolerance demand mentioned in the above definition is geometry data which describes the manufacturing requirements of a particular feature. Other manufacturing-related data, such as tolerances, can also be added to the feature geometry data to describe these requirements. Other definitions of a feature include that of [7], where a feature is a group of characteristics (information) relative to the geometry, technology, functions and other attributes of an object, such that it can be used in the domains that intervene in the design process. A feature can also be seen as a representation of shape aspects of a product that are mappable to a generic shape and functionally significant for some product life-cycle phase [8]. Reference [9] investigates these issues and proposes a quantitative approach to assess the confidence in an assurance case. This work highlights the contribution of the safety features approach through an experimental application on an extract of the avionics DO-178C standard. In the same light, [10] made recommendations to facilitate and encourage continued discussion and efforts toward the integration of process safety engineering and fire protection engineering.
A conceptual road safety framework comprising mutually interacting factors for exposure to risk resulting from travel behavior and for risk, is presented in [11]. The model's value lies in its ability to identify potential consequences of measures and policies for both exposure and risk.
Generally, in design, features are classified with respect to their role in the system. In this case, we can have:
a -Functional features, which are those features related to the principal function of the system in question;
b -Assembly features, which can be defined as the features used in linking single components of a product together [12]. Reference [13] defines an assembly feature as elementary relations between components extended with some assembly information. An assembly feature can also be seen simply as an association between two form features present on different parts [14];
c -Maintenance features, which refer to those dispositions considered in a system to ensure its maintainability [15];
d -Manufacturing features, which correspond to volumes in a product that could be machined with a single operation or a sequence of operations.
Feature classification varies from one author to another depending on his/her needs. Pratt classifies features according to their domain of application [16]. Wenfeng's classification is based on function and form, since a feature's function determines its form, processing and assembling demand [17]. Reference [18] classifies form features as positive or negative form features. The negative form features are equally known as machining features, since they are obtained from machining processes. They are mainly holes, slots and pockets.

Modelling
Modelling is the representation of an object or non-objects in the form of a model for its explanation [19]. It can equally be seen as the act of bringing out a representation of an object on a smaller scale. Generally, the model can either be quantitative (mathematical) or qualitative. The latter can be a representation of the prototype of a part or product.
Feature modeling is a design paradigm that has emerged as an alternative to traditional geometric modeling. In feature modeling, various types of features are offered as the basic engineering primitives for product design [20]. Feature modeling can be divided into regular-shape feature modeling and free-form feature modeling [21]. In the former, the shape of the object is modeled in association with its functional information. Regular shapes are objects with prismatic and cylindrical shapes, the most used features being protrusions, holes, slots and pockets. These features are shown in Figure 1.
On the other hand, in free form feature modeling, the general outline of a product or object is created in the initial phase of the modeling process by defining a primary feature which can simply be a volumetric shape. Next is the attachment of secondary features to the primary feature for adjustment purposes, while preserving the global outline of the product. These secondary free form features which are also known as detail features can still be protrusions, holes, slots, and pockets just to name a few. With feature modelling, there is a rich library of feature primitives, a powerful ability to modify and combine these primitives and above all some capability of user-defined features.

Design
Design is a human activity where the physical artifact or a part of it, which is under design, is not currently existent, but is believed to be so in the future [22]. The fact that the ultimate thing is not currently physically existent and cannot be observed and manipulated makes it necessary to represent the thing conceptually. Reference [23] gives a more explicit definition of design. It defines design as a process of formulating a description for an anticipated process system and/or an object system that is intended to transform an existing situation into a future situation to satisfy needs.
It has been found out that the environment is usually missing or not integrated in process models at the design stage. This has led to research work on the integration of the environment in the process model in which case the environment is represented using objects [24]. Thus, for example the safety process is enhanced since manufacturing follows the model simulated with the environment.

Features Based Design
Looking at Dixon's definition of a feature, it can be concluded that the method of design by means of features is suitable for expressing the designer's intent and the product information [18]. This explains why most designers nowadays drift towards features based design. Equally, the fact that features can be stored in a library and used in subsequent design with little or no modifications is of great interest since it leads to a gain in time.

Integration of Safety in Design
Integration is a natural phenomenon which raises isolated activities to a higher level with a new meaning, on the basis of which the functioning of the whole is more efficient and more intelligent. Reference [25] states that there exist two safety integration methods:
a -Direct methods, which operate through standards, other formal documents, design tools and actions. This is equally known as the explicit modality.
b -Indirect methods, which correspond to the implicit and individual modality and operate through the individual characteristics of each actor (knowledge, experience).
The second method incorporates the feedback from the user. Generally, safety is considered in the design of any system via the first safety integration method. Nevertheless, errors do exist in the design process and are only noticed at the exploitation stage. These errors are the cause of 20 to 60 percent of the accidents on production system installations [26]. Design errors are first checked, and some corrected, during the review of the design process by the designers. But a certain percentage still goes on to be identified by the user. It should be noted that systems development begins with design, and so design offers the earliest, and hopefully the cheapest, place to intervene and get it right.
General concepts for fostering the integration of safety considerations into design activities during the preconceptual, conceptual, preliminary, and final design stages are discussed in [27]. It is noted there that the design organization determines the appropriate Safety Features to be incorporated in the production system project, and the phases of a typical project involving the development of complex technical systems and safety management tasks are displayed. Reference [24] presents a more explicit approach called design for safety, which links with approaches already in use, such as the layers of protection approach. The method consists of two elements: a technology management environment aimed at supporting the interaction between the many contributors to safe design, and a safety modelling language. But Safety Features (SaF) still remain without a defined meaning. The design process for a complex facility is highly interactive and iterative. Therefore, coordination and communication among the activities and the individuals performing them is vital to the overall success of these activities. Mechanisms based on Safety Features (SaF) must be established to ensure these communications. Indeed, in the domains of manufacturing, assembly and maintenance, features have been proved to be relevant in collaborative design for that purpose. Thus, in the next sections of this paper, the probabilistic model of technical safety and the Safety Features (SaF) modelling are proposed.

Analytical Technical Safety Modelling
Safety analysis in production facilities is necessary to prevent unwanted events that may cause catastrophic accidents. Accident scenario analysis with probability updating is the key to dynamic safety analysis. Although conventional failure assessment techniques such as fault trees (FT), Bayesian networks, etc. have been used effectively for this purpose, they suffer from severe limitations in their static structure and uncertainty handling, and in general from the lack of a mathematical safety model, which is of great significance in process safety analysis. Thus, this section of the work proposes mathematical tools for modelling technical safety.

Reliability and Maintainability: Safety Fundamental Parameters
Reliability may be defined as "the probability that an item is able to carry-out the work that it is designed to perform within specified limits of performance for a specified interval under stated conditions".
The reliability function over a period of time t is the difference between the cumulative distribution function as t → ∞ and the cumulative distribution function at time t or, alternatively, it is the cumulative distribution function of failure over the period of time t subtracted from unity.
The hazard rate function represents the failure rate pattern as the ratio between a particular probability density function (p.d.f.) and its reliability function (the complement of its cumulative distribution function, c.d.f.).
For continuous random variables, the cumulative distribution function is defined in terms of f(t), the probability density function of the distribution of the value t over the interval 0 to t.
The hazard rate function is then defined from this, and thus the reliability function follows. The maintainability function is used to predict the probability that a repair, beginning at time t = 0, will be accomplished within a time t. The maintainability function M(t), for any distribution, is expressed in terms of the probability density function of the maintenance (repair) time.
Obviously, maintainability is a cumulative distribution function in the same way that the complement of reliability, F(t), is. Thus the maintainability function is also defined by an expression derived from (1) and (4). The repair rate function is defined analogously to the hazard rate. As far as system safety operability is concerned, Figure 2 illustrates the relationships amongst its parameters.
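The relationships stated above in words (F(t) as the integral of the failure-time p.d.f. up to t, R(t) = 1 - F(t), the hazard rate as f(t)/R(t), M(t) as the integral of the repair-time p.d.f., and the repair rate defined analogously) can be computed numerically for any density. The following Python block is an added example, not code from the paper; the exponential (constant failure and repair rate) densities and the Weibull density are assumed illustrative distributions chosen here, and the numerical values are constructed. The paper's own expression for technical safety, obtained from (4) and (6), is not reproduced here since it is not on the page.

```python
"""Reliability, hazard rate, maintainability and repair rate from densities.

Definitions used (as stated in words in the text):
  F(t)  = integral of the failure-time pdf f over [0, t]   (cumulative failure)
  R(t)  = 1 - F(t)                                         (reliability)
  h(t)  = f(t) / R(t)                                      (hazard rate)
  M(t)  = integral of the repair-time pdf g over [0, t]    (maintainability)
  r(t)  = g(t) / (1 - M(t))                                (repair rate, by analogy)
The constant-rate (exponential) case gives known closed forms and is used as a check.
"""
import math


def cdf(pdf, t, steps=2000):
    """Cumulative distribution at t by the trapezoidal rule on [0, t]."""
    if t <= 0:
        return 0.0
    width = t / steps
    total = 0.5 * (pdf(0.0) + pdf(t))
    for i in range(1, steps):
        total += pdf(i * width)
    return total * width


def reliability(f, t):
    """R(t): probability that no failure has occurred up to time t."""
    return 1.0 - cdf(f, t)


def hazard_rate(f, t):
    """h(t): instantaneous failure rate, ratio of the pdf to the reliability."""
    return f(t) / reliability(f, t)


def maintainability(g, t):
    """M(t): probability that a repair starting at time 0 is completed by t."""
    return cdf(g, t)


def repair_rate(g, t):
    """Repair rate defined analogously to the hazard rate, on the repair-time pdf."""
    return g(t) / (1.0 - maintainability(g, t))


def exponential_pdf(rate):
    """Constant-rate density (useful-life assumption); closed forms are known."""
    return lambda t: rate * math.exp(-rate * t)


def weibull_pdf(shape, scale):
    """Weibull density (assumed illustration) to show a non-constant hazard rate."""
    def f(t):
        if t <= 0:
            return 0.0
        x = t / scale
        return (shape / scale) * x ** (shape - 1) * math.exp(-(x ** shape))
    return f


if __name__ == "__main__":
    # Constructed values: failure rate 1e-3 per hour, repair rate 0.5 per hour.
    f = exponential_pdf(0.001)
    g = exponential_pdf(0.5)
    for t in (100.0, 500.0, 1000.0):
        print(f"t={t:6.0f}h  R={reliability(f, t):.4f}  h={hazard_rate(f, t):.6f}")
    for t in (1.0, 4.0, 8.0):
        print(f"t={t:4.0f}h  M={maintainability(g, t):.4f}  r={repair_rate(g, t):.4f}")
    # Wear-out (shape > 1): the hazard rate grows with t, unlike the constant case.
    w = weibull_pdf(2.0, 1000.0)
    print("Weibull hazard at 500h and 1000h:",
          round(hazard_rate(w, 500.0), 6), round(hazard_rate(w, 1000.0), 6))
```

With the exponential densities the computed R(t) matches exp(-λt) and the hazard rate stays equal to λ, which is the constant-rate behaviour assumed in the useful-life discussion; the Weibull density shows why a static constant-rate figure is not enough once wear-out sets in.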

Probabilistic Model of Systems Technical Safety
Let t_f and t_r denote respectively the operational and repair time variables of the production system. In this work, a probabilistic evaluation model of technical safety is proposed from the equations of its fundamental parameters, reliability and maintainability, (4) and (6).
The mathematical expression of technical safety is thus deduced after some transformations.
Obviously, in the useful life of the production system, assuming the failure and repair rates to be constant, Figure 3 is indicative of the technical safety behavior. In the next section of this work, the communication tools of industrial safety designers, called Safety Features, will be developed.

Safety Features Modelling
As implicitly mentioned earlier, Safety Features exist but without a general or global nomenclature and classification. Thus, this first step, the modelling of Safety Features, consists of defining and identifying the different Safety Features, classifying them based on given criteria, and finally characterizing them. This part is basically an assembly and modification of what exists in the literature.

Definition
We define a Safety Feature (SaF) as a group of characteristics or information relative to the operation, geometry, technology and other attributes of an object which enables it to eliminate or reduce hazards, to protect personnel, installations, products and/or the environment, and to reduce the effects of any accident.
Thus the two main classes of Safety Features are:
1 -Safety Features incorporated in the system, which refers to the intrinsic features found in the main structure of the system, incorporated with the components during installation, or even attached to the body. The features in this class are:
a. Inherent Safety Features: These are features that are formed directly on the main body or are joined inseparably to the system. They eliminate or reduce the hazard and keep the system safe. They are always prioritised since they are intrinsic, less costly and more effective. This category includes features such as fillets, which eliminate sharp edges and the risk of cuts from equipment.
b. Add-on Safety Features: These are features which are only added to the main body of the machine. They are equally known as protection Safety Features. They are designed to protect the workers, product, environment or machine from risk. Here, it is the occurrence of the hazardous situation that is eliminated or reduced. They are protective and can be passive features, active features or safety signs. Passive means they do not need any power or energy source to work. Fixed enclosed guards are found in this group of Safety Features (see Figure 4). Guards generally are features which protect body parts against moving objects. On the other hand, active features are those which need a power or energy source to function. Protective devices such as fuses, relays, etc. are features found in this group. Lastly, safety signs are those which provide protection exclusively by indications. These indications can be regulatory (prohibition and mandatory), warnings (caution and danger) or information (emergency). An example of such a sign on the machine is the warning sign in Figure 5, which is a danger sign indicating high voltage.
2 -Safety Features out of the system, which are not attached to the machine body. The features in this class are:
a. Safe working procedures are features which are similar to safety signs because they do not ensure safety on their own. They are step-by-step instructions on how to operate a machine for a particular purpose while avoiding dangerous situations.
b. Personal protective equipment are Safety Features used by personnel for their individual or personal protection. They include safety boots, helmets, respiratory masks, head bands, gloves, etc.
c. Safety signs out of the machine have the same function as the safety signs in (on) the machine. An example of such a sign is the warning sign which cautions the personnel on the nature of the floor when it is wet.

Characterization
It helps in giving a complete and technical description of the Feature. The characterization parameters proposed here are: function, shape or geometry, dimensions, manufacturing technology, position, material, color and the nature of the information.
Operation (function) is the first and most important point when it comes to Feature characterization because it is from this the other characterization parameters emerge. It refers to what the Feature is to do in order to enhance safety. Generally, for inherent Safety Features, the function is to eliminate or reduce the hazard. For add-on Features the aim is to protect against the hazard. For the specific functions, it is left to what precisely the feature does. For example, fixed enclosed guards generally protect and specifically eliminate the possibility of hazardous situations by enclosing the hazardous zone.
Shape or geometry refers to the look or outline of the Feature: the topology or arrangement that permits the feature to accomplish its function effectively, and how it is to be manufactured. This applies in the case of form Features.
Dimensions are sizes of different measurable quantities. For the safety function to be accomplished, a particular size of the Feature is needed. For safety signs in companies the size of the paper or plate should be conspicuous in order to draw the attention of the personnel. Thus according to where and for whom the sign is for, the size is determined.
Manufacturing technology induces manufacturing processes that are used to realize the Feature. Different technologies lead to different outputs especially in cases of precision. Thus the technology used in the manufacturing of a particular Feature gives knowledge on aspects like dimensional precision, strength, the nature of the surface, etc.
Position indicates the location of the SaF on the machine structure. The description here is relative to other Features. Two Features can have the same shape and dimensions, but their position can change their functions. For instance, a slot can serve as a keyway on a shaft, but at the entrance of a grinder it serves as a lodging for a magnet, which is important to eliminate metallic objects.
Material refers to the internal make-up of the Feature. The choice is made with respect to other parameters regarding the material strength, availability, cost, etc. and equally what the feature is to be used for. It should be noted here that material is considered more in cases where the Feature is to be incorporated on the main machine body. When the feature is on the body, it usually assumes the same material of the machine body.
Color is the visual aspect that characterizes Safety Features. Different colors pass on different messages. In some cases on pipelines, the color of the pipe alone is a Safety Feature that gives information on what is being transported in the pipe. Thus the personnel know the safety precautions to take in that zone. Active protective Features have particular colors to indicate their function; for instance, guards are always yellow. In addition, for safety signs, the color is a language and gives a specific message.
Nature of information is used for the characterization of safety signs and safe working procedures. For Safety Features, generally the information can be exclusively signs or text or mixed. On the other hand, safe working procedures can be in text form or can have illustrative pictures or diagrams.

Taxonomy
The identified Safety Features in this work can be categorized according to the illustrative figure 6.

Safety Features List Identification
The different safety features identified are:

Risk Analysis
Decisions made at the conceptual stages are crucial in forming the basis for process design. At the beginning of the plant design, safety elements should receive consideration from the product and process research and development team, designers and managers. As illustrated by Figure 6, the timing of design changes can greatly influence their impact. The opportunity for maximum intrinsic safety is greatest during the early stages of design, while it is greater for extrinsic safety in operational life.
Figure 6. Effects of timing of design changes [26].
The risk assessment is an important step in the methodology proposed in this paper to integrate production systems safety in process design and useful life, and it is assumed that at the early design stages the system does not exist and thus is not operational. Reference [27] proposed a logical-step risk analysis based on the Kinney method, which assesses risk according to the probability of occurrence, the frequency (exposure) and the effect of the hazard (see Figure 7). Thus, as long as the admissible risk threshold (R_adm) of 20 on the Fine and Kinney scales [27] is not reached, the process design does not change; otherwise, Safety Features should be modelled in accordance with Figure 8.

Holistic Methodology Integrating Safety of Systems in Process Design and Useful Life
As seen in Fig. 8, a production system passes through the design process stages. It is at these stages, manufacturing, installation and utilization, that the method for the integration of safety with feedback through Safety Features modeling developed in this paper can start. The process is launched with a study of the system, whatever its life stage, in order to know whether the system at that stage is operational or not. This involves knowing the primary and secondary functions of the system and thereafter its operation. It does not end at the normal operation but goes further to look at the installation and maintenance operations involved.
The next step consists of identifying the already existing safety features and the risks they are actually reducing. In other words, this brings out the present state of the system with respect to safety. Care should be taken in this step, since a reduction measure can itself be a hazard, which should be assessed in the next step.
The risk assessment step is a crucial stage, since it is what gives the information to be fed back into the design process or other phases. It is done with the exemption of already reduced risks. The aim of this assessment is to know the level of risk to which the system, personnel and environment are exposed, this being the focal point. The risk assessment method adopted will differ depending on the system in question and the available information. It will also depend on how versed the user is in the method. It should be noted that since the concept of 'zero risk' is not real, acceptable risk is used as a reference in the method, except in cases where two or more acceptable risks which have the same source show up.
Thus the question asked at this step is whether each risk identified and assessed is acceptable or not. If it is acceptable, the design is maintained. If not, the hazard goes to the next question, which aims at knowing whether the risk can be eliminated or removed. If it can, the modeling of elimination Safety Features for that hazard starts. On the contrary, if the hazard cannot be removed, a check is made to know whether it can be reduced. If the answer to risk reduction is affirmative, the modeling of risk reduction features is launched. If not, another check is carried out to know whether there is a possibility of protection. In the case of a positive answer, protective features modeling starts, in which case they can be either passive or active protective features, with priority given to the passive Safety Features. Regulatory signs can equally be used here. In the case of a negative answer, warning signs, safe working procedures, personal protective equipment or training can be brought out and applied.
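The Kinney-style scoring of the Risk Analysis section (probability of occurrence x frequency x effect, with R_adm = 20 as the admissible threshold) and the decision sequence just described (acceptable → maintain the design; else eliminate → reduce → protect, passive before active → signs, procedures, PPE or training) can be written out as one procedure. The Python block below is an added example, not the paper's own method or code: the numeric factor scales are the usual Fine and Kinney values and are assumed here, since the paper does not list them; the hazard records are constructed; and the already-reduced-risk exemption of the methodology is modelled with an `existing_feature` field, which is a naming choice of this example.

```python
"""Kinney-style risk scoring followed by the Safety Feature selection sequence.

Score = probability x exposure (frequency) x effect. A score below R_ADM leaves
the design unchanged; otherwise a Safety Feature class is chosen in the order
eliminate -> reduce -> protect (passive before active) -> signs/procedures/PPE/training.
Scale values are the usual Fine-Kinney values (assumed; not listed in the paper).
"""
from dataclasses import dataclass
from typing import Optional

R_ADM = 20  # admissible risk threshold on the Fine and Kinney scales (from the text)

# Assumed factor scales; labels and weights are the common Fine-Kinney ones.
PROBABILITY = {"virtually impossible": 0.1, "conceivable": 0.5, "unusual": 1,
               "possible": 3, "quite possible": 6, "expected": 10}
EXPOSURE = {"rare": 0.5, "yearly": 1, "monthly": 2, "weekly": 3,
            "daily": 6, "continuous": 10}
EFFECT = {"minor injury": 1, "serious injury": 3, "disability": 7,
          "one fatality": 15, "several fatalities": 40, "catastrophe": 100}


@dataclass
class Hazard:
    """One hazard with its factor labels and the options the design team has."""
    name: str
    probability: str
    exposure: str
    effect: str
    can_eliminate: bool = False
    can_reduce: bool = False
    can_protect_passively: bool = False
    can_protect_actively: bool = False
    existing_feature: Optional[str] = None  # already reduced by a SaF in place


def risk_score(h: Hazard) -> float:
    """Kinney score from the three factor labels."""
    return PROBABILITY[h.probability] * EXPOSURE[h.exposure] * EFFECT[h.effect]


def select_safety_feature(h: Hazard) -> str:
    """Walk the decision sequence and name the SaF class to model."""
    if h.existing_feature:
        return f"already reduced by '{h.existing_feature}': re-assess that feature as a possible hazard"
    if risk_score(h) < R_ADM:
        return "acceptable risk: maintain design"
    if h.can_eliminate:
        return "inherent SaF: eliminate the hazard"
    if h.can_reduce:
        return "inherent SaF: reduce the risk"
    if h.can_protect_passively:          # passive has priority over active
        return "add-on passive protective SaF (e.g. fixed enclosed guard)"
    if h.can_protect_actively:
        return "add-on active protective SaF (e.g. protective device)"
    return "warning signs, safe working procedure, PPE or training"


def assess(hazards):
    """Return {hazard name: (score, decision)} for a whole system study."""
    return {h.name: (risk_score(h), select_safety_feature(h)) for h in hazards}


if __name__ == "__main__":
    # Constructed hazards for illustration only.
    system = [
        Hazard("sharp casing edge", "possible", "daily", "minor injury", can_eliminate=True),
        Hazard("hot surface contact", "quite possible", "weekly", "serious injury", can_reduce=True),
        Hazard("rotating coupling", "unusual", "continuous", "one fatality",
               can_protect_passively=True, can_protect_actively=True),
        Hazard("wet floor in gallery", "possible", "monthly", "serious injury"),
        Hazard("belt nip point", "expected", "daily", "disability", existing_feature="fixed guard"),
    ]
    for name, (score, decision) in assess(system).items():
        print(f"{name:22s} score={score:7.1f}  -> {decision}")
```

Because the threshold is applied before the feasibility questions, a hazard with an 18-point score is left to the design as it stands even when it could be eliminated cheaply; if that is not the intended policy, the ordering of the first two checks is the place to change.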

Design of a Fire Safety System: A Case Study of Hydroelectric Power Dam in Song-Loulou
In 2015, the company ENEO Cameroon SA received a visit from its insurers. After the hazard evaluation of the installations of the Song-Loulou hydroelectric power dam, one of the recommendations was to protect the electrical gallery rooms from disasters such as fire, with a view to renewing the insurance contract. We were thus allocated the project "put in place a fire protection system in the electrical gallery of the hydroelectric power dam". The purpose of this project was to set up an automatic detection and extinguishing system. To carry out this project, a report was first made on the existing installation, from which came the installation diagram, the types of risk in each room and the suitable extinguishing agents. Thereafter, the solution proposal consisted in choosing the type of installation after calculating the economic quantity of gas necessary, in conformity with rule R13 of the Plenary Assembly of Insurance and Damage companies. Then the technology and number of detectors, the quantity of diffusers, and a layout diagram were determined. Lastly, the impact of the project on the insurance indemnities was studied. Figure 9 illustrates the fire safety system, which is a composition of designed Safety Features. As far as Safety Features modelling in this paper is concerned, a manual extinguishing command Safety Feature is shown in Figure 10.

Conclusion
This paper has proposed a mathematical model of technical system safety and characterised Safety Features. It has defined what a Safety Feature is, identified their different categories and classified them into specific groups based on their position and function. Lastly, their characterization has been presented. This leads us to say that Safety Features are not limited to tangible aspects but equally concern intangible aspects such as safe working procedures. Equally, the design process has been considered as a feedback process, since both proactive and reactive information are needed for an effective design. This concept has also led to the establishment of a procedure which can actually be followed to incorporate the reactive part of the information in the safety design process. This procedure relies on the results obtained from the risk assessment carried out, and these results lead either to maintaining the design or to modelling Safety Features that eliminate the risk, reduce it to an acceptable level, or protect facilities and the environment. A modelling case study has been applied in a hydroelectric dam facility.
As a perspective, the mathematical characterization of production systems safety should be investigated further.