SAPHIRE is a probabilistic risk and reliability assessment software tool. SAPHIRE stands for Systems Analysis Programs for Hands-on Integrated Reliability Evaluations. The system was developed for the U.S. Nuclear Regulatory Commission by the Idaho National Laboratory. Development began in the mid-1980s when the NRC began exploring two notions: 1) that Probabilistic Risk Assessment the rapid advancement of PRA technology required a relatively inexpensive and readily available platform for teaching PRA concepts to students.
The history of SAPHIRE
1987 Version 1 of the code called IRRAS introduced an innovative way to draw, edit, and analyze graphical fault trees. 1989 Version 2 is released incorporating the ability to draw, edit, and analyze graphical event trees. 1990 Analysis improvements to IRRAS led to the release of Version 4 and the formation of the IRRAS Users Group. 1992 Creation of 32-bit IRRAS, Version 5, resulted in an order-of-magnitude decrease in analysis time. New features included: end state analysis; fire, flood, and seismic modules; rule-base cut set processing; and rule-based fault tree to event tree linking. 1997 SAPHIRE for Windows, version 6.x, is released. Use of a Windows user-interface makes SAPHIRE easy to learn. The new "plug-in" feature allows analysts to expand on the built-in probability calculations. 1999 SAPHIRE for Windows, version 7.x, is released. Enhancements are made to the event tree "linking rules" and to the use of dual language capability inside the SAPHIRE database. 2005 SAPHIRE for Windows, version 8.x, undergoes development. 2008 SAPHIRE for Windows, version 8.x, release as a beta version. 2010 SAPHIRE for Windows, version 8.x, release for U.S. Government and industry use. The evolution of software and related analysis methods has led to the current generation of the SAPHIRE tool. The current SAPHIRE software code-base started in the mid-1980s as part of the NRC's general risk activities. In 1986, work commenced on the precursor to the SAPHIRE software – this software package was named the Integrated Reliability and Risk Analysis System, or IRRAS. IRRAS was the first IBM compatible PC-based risk analysis tool developed at the Idaho National Laboratory, thereby allowing users to work in a graphical interface rather than with mainframe punch cards. While limited to the analysis of only fault trees of medium size, version 1 of IRRAS was the initial step in the progress that today has led to the SAPHIRE software, software that is capable of running on multiple processors simultaneously and is able to handle extremely large analyses.
NASA use
Historically, NASA relied on worst-case Failure mode and effects analysis for safety assessment. However, this approach has problems, such as it is qualitative and does not aggregate risk at a system or mission level. On October 29, 1986, the investigation of the Challenger accident criticized NASA for not “estimating the probability of failure of the various elements.” Further, in January 1988, the Post-Challenger investigation recommended that “probabilistic risk assessment approaches be applied to the Shuttle risk management program." Consequently, probabilistic methods are now being used at NASA. Specifically, the following projects have all used the SAPHIRE software as the primary analysis tool for risk:
SAPHIRE contains an advanced minimal cut set solving engine. This solver, which has been fine tuned and optimized over time, has a variety of techniques for analysis, including:
Extensive use of recursive routines
Restructuring and expansion of the logic model
Conversion of complemented gates and treatment of success branches
Coalescing gates and the identification of modules and independent sub-trees
Intermediate results caching
Bit-table Boolean absorption
Use of these and other optimization methods has resulted in SAPHIRE having one of the most powerful analysis engines in use for probabilistic risk assessment today.
Basic event probabilities
General basic event probability capabilities for SAPHIRE include:
Four different Markov models to represent the failure of a single component
A common cause module to determine a group common cause failure probability for groups of up to six redundant components
A load-capacity calculation allowing the user to specify a load and capacity distribution to determine P
A human reliability analysis calculator to determine a human failure event probability based upon the task type and compounding performance shaping factors
The use of template events which allow for failure information to be shared where applicable
A seismic fragility method that uses an associated earthquake acceleration level to determine a components failure probability
House events to set basic events to logically true or false or to ignore the event
A module to determine the loss-of-offsite power frequency and recoverability
SAPHIRE has been designed to handle large fault trees, where a tree may have up to 64,000 basic events and gates. To handle the fault trees, two mechanisms for developing and modifying the fault tree are available – a graphical editor and a hierarchical logic editor. Analysts may use either editor; if the logic is modified SAPHIRE can redraw the fault tree graphic. Conversely, if the user modifies the fault tree graphic, SAPHIRE automatically updates the associated logic. Applicable objects available in the fault tree editors include basic events and several gate types, including: OR, AND, NOR, NAND, and N-of-M. In addition to these objects, SAPHIRE has a unique feature known as “table events” that allows the user to group up to eight basic events together on the fault tree graphic, thereby compacting the size of the fault tree on the printed page or computer screen. All of these objects though represent traditional static-type Boolean logic models. Models explicitly capturing dynamic or time-dependent situations are not available in current versions of SAPHIRE.