User login


You are here

Topic 34: Can the application of Redundancy Increase Safety and Reliability in the oil and gas industry?

Elvis.E.Osung's picture

A system with a single point of failure is usually made more reliable by the concept of redundancy. Redundant members are added in structural members to reduce the likelihood of failure.

This has an effect in increasing the safety, functionality and reliability of the structure. Redundancy in Engineering is the duplication of critical components or functions of a system with the intention of increasing reliability of the system, usually in the case of a backup or fail-safe. This is highly applicable in many critical systems.

 How can the oil and gas industry achieve a higher Safety and reliability level with the application of redundancy?


Toby Stephen's picture

In structural terms, redundancy absolutely can and will increase the safety and reliability level of a structure. Since non-redundant structures rely on each and every member of the structure, should one member fail then the whole system is placed at risk, whereas redundant members can potentially avert failure or collapse until the system is fixed.

I would imagine, however, that the major problem associated with the application of redundancy in the oil & gas industry is the increased cost and maintenance associated with it. Redundant members are only as good as their upkeep, so the additional costs of corrosion management etc would certainly add up and the implementation of redundant members would most likely come down to costing vs the increased margin of safety (that is, the additional strength added by the redundant members).   


Toby Stephen
MSc Oil & Gas Engineering

Trevor Strawbridge's picture

In structural terms I do concur with Toby. However, one of the main issues with subsea structures of late, is associated with installation and particularly the weight challenges. There seems to be several variables that can determine the weight factors that include the soils, width of mud mats, pilings etc. Over design with redundant members can lead to additional weight and costs. For example: If a subsea manifold weight exceeded the limit of the intallation vessels crane, then it may require intallation in separate modules and hence multiplying vessel time. Furthermore from a H&S point of view there could also be added risk to divers working in potential pinch point areas etc. I do not discourage any redundancy required. Far from it, but I do encourage best practice design that would result in fit for purpose assets, and not adding members just as " nice to have's"




Mostafa Tantawi's picture

Mostafa Tantawi
Masters Of Subsea Engineering, University of Aberdeen

is a common practice approach in Subsea systems, all subsea manufacturing
companies are being requested by their clients to include redundant items in
their systems, as an example of this the Subsea umbilical which is responsible of
controlling the subsea systems( actuators, valves, PTT) is manufactured in a
redundant manner, so we find two high pressure lines, two low pressure lines,
two electric supply lines. And the alternation between those lines is done
automatically if one line fails to supply enough output. This approach does not
only increase system reliability but also if you looked at it in rather a
Safety point of view you will find it very useful, and SSIV’s ( subsea
insulation valves) are a very good example on that.


Redundancy is
meant to enhance productivity by improving system availability and this is
achieved by building over capacity into the system through parallel training of
equipment. Such equipment could either be in a passive mode or an active mode.
However redundancy can also reduce system reliability and increase requirements
on system maintenance. At this stage we can say it possible for redundancy to
be counterproductive and it’s more likely to occur in a subsea system than in
other oil and gas applications. This is due to the nature of some subsea
maintenance that can take too long before their maintenance are carried out.
For example say you have two chokes in a wellhead to maintain control of the
well and one of the choke fails.

The reliability of the satellite wells is reduced by introducing more
equipment, particularly the choke
modules themselves which have relatively low
reliability, and there is
also additional valving required to permit the
switching of the flow
through a specific choke. Consider a situation in which the subsea maintenance capability in the field is restricted to several weeks
annum There will be more maintenance work to be carried out on the dual-choke wells than
single-choke wells because of the overall
lowering of wellhead
reliability. Hence the maintenance vessel may
spend more of its valuable
time maintaining back up chokes at the
expense of equipment causing direct production


Discussion Topic 34: Can the application of Redundancy Increase Safety and Reliability in the oil and gas industry?

I will agree with my colleagues, the application of redundancy can play a very big role in increasing safety and reliability in the oil and gas industry. Redundancy is said to increase system reliability  in that  redundancy structures on a system help engineers  to check the availability of warning signs  before total collapse/failure of a structure  occurs based on probability-based system redundancy concepts [1-3].The warnings that occur  before total failure of a structure enables safety/maintenance engineers to  carry out diagnosis of the entire structure and devise means of avoiding such failures to occur and thus improve on safety and reliability of such systems/structures. This is very crucial especially for offshore platforms that are subject to varying weather conditions such as hurricanes and strong waves as well as accidents from sailing ships.

Most of the offshore accidents in the oil and gas sector have been mainly due to human errors,such as errors and omissions during design of offshore/subsea structures; a good example is the Alexander Kielland oil platform disaster/accident of 1980  and the Gulf of Mexico hurricane lill that let to failure of some offshore platforms. These accidents were mainly due to fatigue failure.By incorporating the concept of structural redundancy in the design of such structures/systems,structural system failures would definitely be reduced as it would improve on structural robustness and be in position to avoid accidental events  such as fatigue and fracture failure of some member,failure of a member due to corrosion, defection on technology or accidental collision. For a redundant structure/system,failure of an individual member does not imply system failure thus, a redundant structure allows for further improvements in the strength of the structure to be made prior to failure thus increasing safety and reliability of such structures/systems and this is very important measure of improving safety and reliability in the oil and gas  industry especially offshore platform structures.


John Bosco Aliganyira
Msc.Oil and Gas Engineering

1.Maximization of System Reliability with a Choice of Redundancy Strategies,2010 by  David W. Coit.
2.System reliability and redundancy in structural design and evaluation by Samer Hendawi, Dan M. Frangopol.
3.Redundancy and robustness of systems of events, 2000 by K. Zˇ iha.
4.Developments in structural system reliability assessments of steel offshore platforms,2001 by T.Onoufriou*, V.J. Forbes

Menelaos Michelakis's picture

(Answer to : Elvis.E.Osung, adding comments : Toby Stephen, John Bosco et al.)

Redundancy does not always help a system. But a few clarifications need to be maden. Redundancy of human resources, or redundancy of technology, equipment/tools/mechanical parts or even money ? They are all usefull but only after certain circumstances.

Human resources : Most of the posts, refer to human resources. Beyond a certain number of employees/workers the productivity/ efficiency of a system falls, and you can check almost every management book to validate this. So, i do not really believe that the application of redundancy (human resources) will increase safety and reliability in the oil and gas industry. Oil companies hire the number of people they need and quality of engineers, matters more than quantity. 

Equipment : Redundancy in equipment/tools/machinery/certain mechanical parts, truly increases safety and reliability in the oil and gas industry, and i shall set 2 examples.

Imagine a Christmas Tree- the one with the valves. Imagine it now with half of the valves... Safety, is significantly reduced in the second case, so here redundancy increases safety.

Imagine a platform accident (a fire for instance), with people running towards the life rafts, without life jackets. Now imagine them running with life jackets. Saferty is increased in the second case.

So, a few valves or certain equipment can increase safety significantly. Generally, i would not use the word redundancy, because everything depends mostly on the minds of the engineers that govern, and secondarily on money spent or more human resources. Funds spent for equipment/tools, or better quality mechanical parts, never go wasted in my opinion, because few money properly invested, guarantee success and can prevent a tragedy.

Ref : A.Mather, Offshore engineering - An introduction (second edition)


Kobina Gyan Budu's picture

I cannot agree more with Menelaos on his last point “…money properly invested, guarantee success and
can prevent a tragedy”.
Redundancy is a very important technique in facilities engineering. It is incorporated in systems to boost
their reliability, increase their availability, increase utilisation and ultimately increase production. The
failure of a critical component like valve or a pump can lead to facility downtime, loss of precious man
hours, loss of production and sometimes a failure event leading to catastrophic consequences. All these
can be averted by a single redundant valve or pump. Redundancy will enable planned/routine maintenance
without any interruptions in production.

However, a facility’s redundancy is as good as the maintenance programme put in place to manage it.
Without appropriate maintenance, redundancy may not serve the desired purpose. If not properly
managed, redundant equipment may equally fail at a crucial moment. A good maintenance practice will
proactively test redundant equipment regularly to ensure they are in good working condition. When
properly run and maintained, redundancy will improve on the reliability of the entire system in the oil and gas industry.


I agree with topic and class mates' opinions for topic. Redundancy
can increase reliability and safety. Component states are divided into 2 cases,
failed or not failed. So if system has redundancy, probability of failure could
be lower than single system which means reliability of system is increased. Additionally,
safety system should be activated under designed trigger i.e. hazardous
situation. More reliable safety system can reduce failure rate of safety
system, so redundancy can contribute for safety.

Especially subsea system can hire redundancy in control system.
Subsea Electrical Module in control module has redundancy i.e. system A and B,
each system can be functioned independently. Even though one system is failed,
operator can choose other one. From this, operator does not require for
considering workover which is needed for huge amount of cost.

But if we trust blindly redundancy, conclusion could be identically
2 independent systems. This may relieve operator's worry for safety and
reliability, it could be considered exaggerated one only. So set the target for
some level of reliability e.g. 99.99xxx % and design team consider
configuration including redundancy for meet the target.




ikenna_ekekwe's picture

Redundancy is built into systems to increase system reliability, ensure system integrity, and to make sure that in the event of failure emergency, the system maintains its functionality for enough time to monitor, control and rectify the situation.

However, we have to take into consideration that system redundancy is achieved by duplicating (and at times triplicating) expensive critical components in the system and as Toby mentioned earlier, this can only serve to increase CAPEX and OPEX. Also, these redundant components consume footprint and space is of a premium on offshore platforms. Redundancy is also now frequently misapplied in that too many assumptions could be made during the design stage

With the current trend of less funding with increased pressure to deliver results, the focus should be on designing systems which help meet plant operational needs such that redundancy would become a luxury that can be done without as much as possible.


Ikenna Ekekwe 

Joan.C.Isichei's picture

 I fully agree with Ikenna. In addition to his post, I’ll like to add that the conflict between the system reliability and cost issue in redundancy gave rise to the redundancy allocation problem (RAP). RAP entails the concurrent "selection of a component and system-level design configuration that collectively meets all design constraints”[1] in order to optimize objective functions such as reliability or cost. Different optimization approaches have been proposed to solve the redundancy allocation problem, most are based on meta-heuristic approaches. I’m of the opinion that solving RAP problem with these approaches can go a long way in helping oil and gas reliability engineers to balance out the reliability/cost redundancy issue when desinging safety systems.


      1. Multi-objective reliability optimization of series-parallel systems with a choice of redundancy strategies. By Safari, Jalal. 


Lee Soo Chyi's picture

Yes, it will definitely increase the safety and reliability. The most straight forward evidence to support the statement is the capsized of Alexander.L. Kielland Platform due to the absence of structural redundancy. The designs of semi-submersible today must consider the structural redundancy which comprising facture of bracing or joint between bracing as required by Classification Society (DNV, ABS). Besides structural redundancy, system redundancy is very important too. For example in Dynamic Positioning (DP) rig, the main set of system is thruster system. The subsystems required for operation of the thrusters such as machinery, power generation, power supply, control systems, ventilation systems shall be designed with physical separation for components that provide redundancy. The main set system is divided into 4 splits or families for 8 thrusters, DP3 rig. Subsystems are designed and arranged accordingly. The families are independent and not connected with other. In case one family is down, the other families are remained intact and still able to operate.  The best way to measures the system redundancy is by performing Failure Mode and Effect Analysis (FMEA).


Soo Chyi, Lee

Soseleye F. Ideriah's picture

Redundancy is a concept that takes advantage of the fact that providing backups for components might reduce the chance of a failure event. Even unreliable components connected in parallel can lead to an increase in system reliability. However, increasing the number of components in a mechanical system can also increase the complexity of the system as well as the complexity of associated problems as outlined below:

Common-mode error

Adding extra components can create a catastrophic scenario where one single fault may cause failure of all components. For instance, in aircraft design, reducing the likelihood of engine failure by the addition of extra engines brings with it an increased probability that a single engine will cause a more serious accident, by blowing up and starting a fire that destroys all other engines and the aircraft itself. 

The problem of overcompensation

Redundancy can be counterproductive when adding extra components to a system causes system operators to dangerously increase system production beyond design limits. The perception of a safer system with more “backup” may lead to risky behaviour. The challenger space shuttle explosion of 1986 is a catastrophic example of overcompensation. The accident was caused by the failure of a primary O-ring and a backup secondary O-ring, leading to an explosion. The fact that extremely cold temperatures would reduce the reliability of each ring was overlooked. The backup secondary O-ring gave a false perception of safety, making operators overlook the dangerously cold and unprecedented temperatures for launch [1]. 

System reliability can be improved by redundancy, but it should always be remembered that redundancy does not eliminate the chance of low probability, dangerous events that may lead to failure. The oil and gas industry must understand the limits to the reliability offered by redundancy.


1 Scott D. Sagan: The Problem of Redundancy Problem: Why More Nuclear Security Forces May Produce Less Nuclear Security

adavis's picture

I agree.  Redundancy cost money and money drives buying decisions.  I'm sure there are numerous examples of designs that were much safer than existing designs.  However, if the design is too expensive or the value of the redundancy is small compared to the risk, customers will simply not buy it.

Engineers routinely have to make decisions about how to spend their budgets and as such have to understand the risk vs reward of redundancy.  Redundancy for the sake of redundancy does no one any good.  As some have pointed out, we have to understand the weakness point of the system and the severity of failure.  If the risk is high enough, we need to provide redundancy for those components.

Foivos Theofilopoulos's picture

I could not agree more with Soseleye. His example of the Challenger disaster was spot on. In my opinion the need for redundancy should only be considered as an option only after painstaking examination and proof that some particular critical (or not) component can fail AND that we (as part of the design process) are as close to 100% as possible in our certainty of the conditions that will apply to those components. Redundancy should be considered as an option when we know the conditions under which the component we duplicate will fail. If not, then we might find ourselves in the unfortunate position of both the backup and the original failing by the same condition.

So, for environments where maintenance is difficult and expensive, pre-built redundant systems are important, but they should be applied only in cases where we are fairly certain of the failure reason to the original component.

YAKUBU ABUBAKAR 51126107's picture

Application of redundancy especially parallel system redundancy
is an importance way of improving overall system reliability especially on a
very critical system component of the system to ensure maximum availability and
safety, typically in subsea oil & gas operation and other petrochemical
plant operations where safety is number one priority.

The importance of redundancy on a system is  directly related to the Birnbaum importance
and also a function of the component chosen and time, so is imperative to
determine both the qualitative and quantitative impact of the component in the system.

The addition of active or passive parallel redundancy would
reduce the system probability of failure and increase the system reliability
especially where cost, space and weight are a critical constraint.

Yakubu Abubakar.

Kareem Saheed Remi's picture

Much have been said about
the importance of redundancy on safety and reliability in oil and gas industry.
When it comes to rotating equipment in oil and gas industry, especially those
rotating equipment that are directly involved in production, the concept of
redundancy built into them in terms of number and parallel arrangement help in
meeting up the maintenance schedules on those equipment without or with minimal
impact on production. Carrying out the maintenance activities in timely manner
without worry about the impact on production contributes to the reliability and
availability of the equipment in general in term of up time.


In safety, when it comes
to having life raft as a measure of redundancy to life boat. In evacuation scenerio,
you cannot imagine after boarding the life boat the engine refuse to start,
believe me, you won’t have the time to repair/troubleshoot fail-to-start engine
instead you use life raft as alternative. 

Kareem R. Saheed

michael saiki's picture

When we design today we adopt robust design models especially for Structures(Trusses) and thats because we need to minimize the probability of complete failure of a system. If we design only to capacity requirements without providing a redundance which helps to allow for load and stress transfers and absorption, when there is a failure of a section or component of the entire system the whole system fails. The point however we need to note is that redundance may not maximize reliability because it depends on the reliability of each component but it minimizes complete system failure. Also it helps to allow for effective routine maintenance with minimal disruption to system output.

Additionaly, In the event of an accident or component failure we are sure the redundance which is like a diversity or protection takes over the differential load or stress due to failure of a component thus ensuring the system reliability.

I dont think redundance increases safetydirectly, in other words we cant just say becuase we have increase redundance we would have increased safety but reliability has a direct relationship with probability of failure thus if we can guarantee that the redundant members have high reliability then we would have improved safety

Elvis.E.Osung's picture

The essence of Redundancy models in oil and gas system is both used for safety and reliability. The application of redundancy is a proactive measure where the probability of system failure is mitigated by the introduction of an alternate component (As Mostafa and Michelakis have pointed out). The argument by some of us (@Ikenna and Toby) bordering on the application of redundancy increasing CAPEX and OPEX is not very strong when compared to the cost of replacing a dysfunctional subsea component and the resulting loss of production due to system failure or can you imagine what the absence of a subsea isolation valve will cause in the case of an emergency shutdown if we only had to depend on the down hole valve just to reduce CAPEX. @Michael, redundancy may not necessarily increase the reliability of individual components, but increases the reliability of the system as a whole unit.



Deinyefa S. Ebikeme's picture

Several comments have
been made by my colleagues concerning the topic redundancy as it affects the
safety and reliability of any system.

I must draw your
attention to the fact that redundancy is usually incorporated in any system
during the design phase of such systems and it is a function several factors
such as production process (continuous, batch, etc.), cost (CAPEX and OPEX),
weight, location, services, reliability etc. all be considered in order to make
the system safe to a reasonable extent after critical evaluations before
construction commerce and operation phase rolls in.

In recent times,
redundancy introduced to oil and gas systems are all automated with
self-troubleshooting (such as HART and FF Systems) and so requires little or no
human resources to carry out its function.  

Therefore, redundancy
definitely will increase reliability.

Deinyefa Stephen
Ebikeme IBIYF

Igwe Veronica Ifenyinwa's picture


Redundancy can greatly improve the reliability and
availability of your control and/or monitoring system. Most applications do not
need redundancy to be successful, but if the cost of failure is high enough,
you may need redundancy.

Be that as it may, the decision
to invest wholly in system redundancy does not always add value, and can
achieve very little in terms of overall system availability especially if the
benefits and impacts of the design for redundancy are not fully evaluated. For
instance, if there is a notable probability of common cause failures arising
and these are not accounted for in the design of the redundancy, then it can
render the redundancy practically useless and of no effect. If a common cause
failure arises in operation, it can cause both the primary and redundant
systems to fail in close succession, giving nothing in terms of reliability
benefit and outcome. The use of RAM analysis can also account for identified
common cause failure modes, to determine the potential benefit of adopting
different and redundant design in a system.

Agba A. Imbuo's picture

I will start by saying that in the oil and gas industry, the cost of Subsea intervention is very high compared to cost of Subsea hardware so Subsea systems should be built to a reasonable amount of safety. During the design stage of a critical component like the pump, valve and actuators,it is important to note that redundancy should be incorporated as it will increase the system reliability, availability and maintainability as this could prevent serious catastrophic effects like explosion, loss in production time, injuries  and most of all loss of life.
let us look at a scenario where we need to carry out a system maintenance or  workover as a result of say corrosion, fatigue, stress or fracture , instead of shutting down production for the period, redundancy ensures that  production still go on while other activities are carried out .This should not mean that the idea of using best practices in designs should be eliminated or overlooked as having a redundant system or component  does not eliminate completely the probability of failure.


Andrew Allan's picture

Ok, so I just invented the title (AHARP!), but the oil and gas industry could do with some more abbreviations right?!!

Of course, operators want a highly reliable system, but as with the reduction in risk there comes a tipping point where the cost of increasing system availability grossly outweighs the increase in system availability.

This is where an assessment of the criticality of each component in the system must be undertaken to identify the impact on the overall system availability should the component fail.   Mean Time to Failure (MTTF) and Mean Time to Repair (MTTR) are also critical in this analysis, as the mobilisiation time for a specialist contractor may significantly increase downtime of the system.

Another important consideration is time benefits which may sit within the system.  Things such as linepack (where a pipeline is filled to near its maximum operating pressure) can mean that if there is a failure upstream the pipeline can continue producing, drawing down on its inventory until the failed component is repaired meaning no downtime for the system as a whole.

Critical components with a high impact on system availability should be considered along with the cost of additional redundant capital equipment, cost and time to repair etc in deciding whether the costs involved in increasing the availability of the system is disproportional to the increase in availability.

Neil Fraser James Carr's picture

isn’t the safety factor here. It is the good design with where appropriate
additional measures taken to ensure the safe operation of equipment and asset
within a reasonable cost.


mentioned in another blog the importance of SCE’s offshore and how these come
into play when an event is occurring, couple this with verification
schemes  and ICP inspections it is always
assumed that the functionality of these components will be maintained.


Redundancy is factored in on the key components
within these systems an example being. BOP shear rams, or Life boats and life
raft allowances. Both of which allow an adequate amount of slack in the system
to ensure that the asset and staff will be protected. These are good uses of
redundancy offshore and allow  a
secondary means of reconciliation in the event of the other being lost. Design and
planning are the main safety measures here though as it is from this stage that
the ideas of having 150 percent POB evacuation possible on board or the idea of
“what if” is applied to the BOP then the additional measures are required. However
it isn’t a good idea that redundancy can alleviate all risks off shore as it doesn’t
matter how many systems are in place a poor design or planning  will undoubtedly endanger people on board.

Andrew Strachan's picture

I totally agree with the first statement made in Neil's previous post. While I agree with some of the examples in previous posts of increased safety through redundancy I think we need to be careful as engineers not to assume safety and reliability sit hand in hand.

Three valves in series (starting in the open position) is a safer system than three valves in parallel, since from a safety perspective the critical objective is to shut in flow to prevent a major incident. From a reliability perspective where lost production time and intervention costs are taken into account a parallel arrangement would be more reliable since closed valves need to be opened again.

Using the 3 valve arrangement example from class (0.98 open and 0.99 close):
Series System
System reliability (open then close) = 0.941
Reliability in closing once all valves are open = 0.999999
Parallel System
System reliability (open then close) = 0.971
Reliability in closing once all valves are open = 0.996

This is a very simple example but it demonstrates that it is important to understand and identify the intent of redundancy at the design phase.

JIEFU's picture

Redundancy increasing safety and reliability is truth which can be proved by conducting the Fault Tree Analysis. The failure of the Top Event can only occur when all the basic events fail, which means its possibility is the Union of all the possibilities of these basic events. Though redundancy will increase both CAPEX and OPEX to some degree, but what can be more valuable than human Health and Safety.  

In terms of the data reconcilidation in oil and gas industry, especially in subsea pipeline system, redundancy of data is essential and critical for achieving accurate and reliable real-time pipeline information and delivering proper pipeline operation. For instance there are five pressure sensors distributing within a certain length of subsea oil pipeline. If one of the sensor fails, system can make reasonable "guess" based on both the data gained from the other four sensors at the same time point, and the data received before this time point (where assume a reliable database is available). Here we can imagin what would happen if there's no data redundancy, which will lead to severe consequences if the sensor failture was caused by extreme conditions within pipeline, for example high pressure.

Bassey Kufre Peter's picture

The Alexander L. Kielland of March 27th 1980 at the North Sea clearly explained the concept of Redundancy(Duplication of a system’s critical components either in parallel or in series such that their effect upon failure will not lead to the system’s failure or stop or reduced the production capacity)  Redundancy is  one of the safety tools for safety engineers. The D-6 bracing failed as result of lack of  redundancy which led to an induced fatigue on on the fillet weld of the hydrophone subsequently leading to  123 fatalities .

In Piper Alpha‘s disaster,investigation revealed that the accident occurred due to initial condensate leak which was as a result of maintenance work being carried out simultaneously on a pump and related safety valve. The design did not take into account redundancy in providing a redundant pump which would enable a  maintenance process  to be carried out by mere switching without stopping or affecting production capacity and also risking the lives of workers, properties and environment.

From the above demonstrated accident cases and several others,it is obvious that redundancy can increase safety and reliability in the oil and gas industries. A Reliability Block Diagram ( RBD) should always be employed to analyze the   effect of component’s failure on a system. This will increase the safety and reliability of the entire system.

Bassey, Kufre Peter
M.Sc-Subsea Engineering-2012/2013
University of Aberdeen.

Oluwasegun Onasanya's picture

when evaluating our level of acceptable risk, it is useful to discuss a highly phiosophical point- how much backup do we need?
What is the criticality of the system?
How critical is it to daily operations and production?
How much is the company's loss, if the critical system goes down?
How long does it takes to bring it back on-line?
How much down-time, can be afforded?
Within the oil and gas industry, there are several systems, ranging from Power generation system, Water injection system, Gas
injection system, Production system. The equipments within these systems, are more critical than the other.
Equipments within the power generation system are more critical than any other equipment even in other systems. The reason is that
majority of the equipments need power to be in service.
With such criticality, redundancy has to be factored in, right from the design of the equipment itself.
On a close account, Turbine engines used for power generation are designed to use dual fuel, though one at a time, if the facility
shuts down and loses gas, the engine can switch over to diesel fuel, without shutting down some other major equipments.

The use of redundant equipment, can allow for repair with no system downtime. Some situations exists in which equipment cannot be
maintained, in which case dormant redundant elements may be a necessary approach to prolong operating time.

The application of redundancy is not without penalties as it increases weight, space, complexity and cost. However, the costs may be
recovered by the increased reliability.
Thus safety and reliability is gained at the expense of adding more items to the equipments.


1. Active Redundancy.

farman oladi's picture

reliability is a variable that could be defined , calculated and designed ,
where technological risk must be closely regulated , redundancy is
indispensable and sometimes unavoidable. 
Reliability of complex technological and in advance systems could be
underlay , by calculations which invisibly regulates and manufactures the ideas
for public and policy makers .Reliability that could be offered through
redundancy requires accurate measures of many things such as degree of
Independence , Similarity and Isolation . 
However this does not mean that 
redundancy is an ineffective engineering tools , however we should bear
in mind  it’s  limitation.     

that redundancy has its own costs as well as benefits .  The key to a reliable design is “
Understanding “ , just simple human understanding of what we are seeking for

Ryan Grekowicz's picture

In my experience in the oil and gas industry, we undergo studies referred to as "Level of Protection Analysis" to address the issue of redundancy.  Redundancy isn't the only thing that is looked at, but it is one of the primary topics discussed.  The analysis is pretty regimented and utilizes a formal approach to determine what practical measures must be put into place in order to avoid an incident.  

I'm not going to attempt to explain the entire process, but I will say that it is a requirement that we conduct this assessment when we design new projects.  It must be conducted by a certified individual, we use both company employees and specialty contractors.

To quote or company document on the subject, "Level of Protection Analysis provides a consistent basis for determining if there are sufficient independent protection layers against hazardous events to achieve the required risk reduction target."

So to answer the original question posed above, yes redundancy does increase safety, that's why we're required to assess it on our projects, but it must be approached in at least a semi-quantitative approach to ensure consistent application. 

Hanifah N. Lubega's picture


It’s impressive that
everyone who has commented on this topic has agreed that redundancy is an
important aspect in ensuring safety and reliability. What puzzles me is if
young Engineers like you notice this, why do we still have incidents like the Macondo Deep Water horizon?! One of the
system failures that contributed to the disaster is the failure of the Blowout
Preventer that is supposed to be the final well control device that seals off
the well in case of an accident. If its roll is that important, why isn’t there
room for redundancy? Or better still; the final well sealing is done by a
component called the Blind Shear Ram, Why didn’t the design engineers provide
for redundancy to this system?

While we all acknowledge
the importance of safety and reliability, why do we have to wait for Major
hazards to act on engineering/technical solutions that we already know before
lives and money is lost?



Ambrose Ssentongo's picture

Hanifah, it's good to note these questions need answers but I'm inclined to another direction in regards to redundancy vs safety. My opinion is this; We’ve often been given scenarios in our reliability modules of setting systems in various parallel configurations to calculate how this affects reliability of the system and further prove the importance of redundancy in improving reliability; we have however never brought into perspective the effect of this on safety. Do we therefore not always apply redundancy to systems only to further assure availability of our system and not safety instead? I’m inclined to believe the former (that redundancy is applied to address availability issues and not necessarily safety). We’ll put two systems in redundancy such that a fault in one does not lead to shutdown of the system; however the non-existence of the redundant component doesn’t mean the system is unsafe since safety considerations are already made while designing the system so it shuts down safely in the case of failure of a certain critical element. I wonder what others think of this.

Ambrose Ssentongo

Ike Precious C.'s picture


This issue has been a point of argument within engineers within the Oil and Gas industry and beyond. I have gone through previous comments and with respect to the concept of safety and reliability, Redundancy has its advantages well known but I alos think of some of its disadvantages.


 1) Cost: The addition of redundant components will indeed increase the CAPEX and OPEX of the company that owns the facility.


2) Complexity: The concept of redundancy adds spare components to the system such that failure of one will lead to the operation of another. This may look simple but if further complicates the system. 

The fact that you have a redundant system increases the number of components and systems and the logic or controls which may have entailed to simply open/close a valve will now have to include a check for failure of the valve to open and a further instruction to open the redundant valve.

In engineering, it is generally perceived that the more the number of joints, the more the number of failures in a system; That is, If my valve had the tendency to fail at certain temperatures, an addition of same type of valve to the existing one presents an opportunity for the 2 valves to fail at two different points at the same/different times.


This addition of redundancy also, in most cases, increases the weight of the systems, which in Oil and Gas is a major factor that is looked into. Every company will love to have their facility give high production rates at the lowest possible or optimal weight. An increase in weight leads inflates the cost of Steel Structures and supporting elements which in return inflates the CAPEX(as pointed earlier).


In as much as Redundancy increases Safety and Reliability, I think companies tend to weigh the possible outcomes of failures and its consequences with respect to the cost of having that Redundant system put in place. This goes a long way to determine if the redundant system is worth it or not.

Thank you.

Precious C. Ike 


Adejugba Olusola's picture

Adejugba Olusola

The application redundancy should not be considered in isolation. It has to be considered and used in conjunction with other risk assessment methods to improve the reliability and availability of equipment and production systems. In the case of an offshore platform where there are limitations to weight size and distribution, redundancy may not necessarily be the best but there will be other ways.Availability is for what proportion of time will the equipment be available to perform on demand? (Alternatively, the ability for the system to provide access to its resources in a timely manner for a specified duration). Reliability is how likely is the equipment to perform on demand? (Alternatively, the ability of an item to perform a required function under given conditions for a specified time interval).{1}Increasing the number of equipment also brings along its own risk, it complicates the system not to talk of increased costs – capital, operating and maintenance costs. A more beneficial approach will be the application of the principles of Inherent safety which is applicable even retrospectively in brownfield modifications even though the most benefit is at the design stage.


Savitha Haneef's picture

Savitha Haneef
MSC Safety & Reliability Engineering

Savitha Haneef's picture

Savitha Haneef
MSC Safety & Reliability Engineering

Uko Bassey's picture

I totally disagree with Ambrose Ssentongo in his opinion stating that incorporation of redundancy is not geared towards safety rather to increase production. According to Ambrose, "... we have however never brought into perspective the effect of this on safety. Do we therefore not always apply redundancy to systems only to further assure availability of our system and not safety instead? I’m inclined to believe the former (that redundancy is applied to address availability issues and not necessarily safety)." It is important to note that the reliability of a system determines its availability and obviously increase the safety state of the entire system. Redundancy could be an alternative tool to secure the production system (e.g. automatic switching control in an offshore platform) for emergency evacuation, it might not necessarily be geared towards production.

While I agree with Precious Ike and Adejugba Olusola in their emphasis concerning the inherent challenges in terms of complexities and additional costs (increase in CAPEX) posed by the introduction of redundancy in our systems. Also worth noting as mentioned is the space constraints in places like offshore platforms because every load counts. However, the application of redundancy is undeniably indispensable in the design of our systems not just a regulatory requirement.

Uko Bassey.

YAKUBU ABUBAKAR 51126107's picture

 Mr Uko bassey what
you said is not totally different from what Ambrose mention earlier, look what
you should understand is redundancy is aim at achieving mainly Safety, and Maximizing
production by lowering down time due to failure break down and maintenance.

As much as proving redundancy is paramount is usually come
with a prize i.e. huge capital cost, so the application of the redundancy
should always be carried out in a cleverly manner in order to minimise the cost
of installation of the required redundancy.

Aviation, nuclear and oil and gas industries are the
industries that redundancy is paramount because of the high risk associated
with these operations. It’s now became mandatory to provide redundancy to any
sensitive design project part before it get approval by the regulatory

By the application of fault tree analysis, reliability block
diagram and identification of minimal cut sets would enable you know the
sensitive aspect of the design that may require redundancy in that way you can
reduce cost of redundancy application.



Samira Bamdad's picture

Unless the design/functionality of a system or its components are severely flawed/altered, I find it hard to imagine a situation where increasing redundancy in the design could lead to a real reduction in safety/reliability of the system. In extreme cases, a redundancy considered for an extremely low probability scenario may have an overall neutral effect.
In the previous comments, the arguments against increased redundancy – and in particular structural redundancy – generally revolve around inflated CAPEX and increased weight of the structure, which theoretically are correct. However, the effect of a reasonable level of increased redundancy (often called “good engineering practice”) in the life cycle of an asset and its potential for life extension should not be ignored.

Unforeseen circumstances are often the causes of failure and loss of production in oil and gas industry. The following examples could be noted where increased structural redundancy could have had a significant role in the fitness-for-purpose or service determination of an asset (or a component):
Pipeline Example: Increasing pipeline wall thickness to the nearest API size, additional to what is strictly required by the design code, may have cost implications and easily ruled out. But it could turn out to be the saving grace (resulting acceptable strain levels) when the pipeline buckles as a result of bad trenching or unplanned higher operational pressure in the system.

Platform Example: Increasing the air gap under the platform topside may require additional steelwork in the jacket leading to higher material, fabrication and installation costs. However, seabed subsidence due to years of reservoir production can reduce the air gap and hence the design life of the platform. Freak waves and hurricanes are also less damaging for a platform with higher air gap.

victor.adukwu's picture

I completely agree with this topic. In the oil and gas energy sector, redundancy is of paramount importance in the reliability of equipments or machine components and safety of personnel on board because duplication of critical components or functions of a system with the intention that production continuous or a un-interruption of running the plant is usually planned for during the design stage. For example, crude oil export pipelines usually have redundant pumps and isolation valves to serve in the event that there is failure of the duty pump. Also, turbine and generators that supplies power to the oil and gas facilities usually have stand-by turbine or generator in the case of any failure incident to avoid any power interruption that might affect the running of the plant.
To amplify the importance of redundancy in the oil and gas sector, most standards and code like ASME, API, DNV and ISO give the minimum requirement for redundancy in process plant facilities, pipeline systems and subsea systems.

The answer is yes. It is an important way to improve the safety of reliability of distributed control system by developing redundancy technology, especially for oil and gas industry. For instance, in the course of oil and gas exploitation, the redundancy configuration of DCS could enhance its reliability and reduce probability of system failure. In terms of redundancy technology, its principle is to add redundant equipment so as to ensure the system works reliably. According to the structure, redundant system could be divided into static system, dynamic system and voting system.  Based on the position in the system, it could be categorized to element level, component level and system level. As per the extent of redundancy, it could be differentiated as 1:1, 1:2 and 1:n. For sure, redundancy design will increase the complexity of system and more investment will be put into the system with redundant configuration. So it is a matter of trade-offs.

Savitha Haneef's picture

 I agree to some of the comments made by Olusola. Redundancy not only increases complexity of a system but also induce complacency among operators as this lead to a belief that the system is fault-tolerant.It should be used in conjunction with other methods to improve the safety and reliability of any system.Redundancy may not be effiecient in determing whether the risks are ALARP.

Then why is it the most commom approach ro safety management?.I think maybe its because redundancy is more closely associated to reliability. Redundancy is expected to reduce the risk of failure thus improving the reliability of any system.One other reason maybe is it is easy to measure and verify unlike inherent safety which is hard to measure.

Savitha Haneef
MSC Safety & Reliability Engineering's picture

Redundancy is a quite important approach to control risk. Based on what we have learned in this course, Redundancy refers to repeat some of the configuration system components, when the system is fault, Redundant configuration components intervention and replace the fault components to work, thus increase the system's reliability.

In oil and gas industry, there are many applications of redundancy. For instance, the company often build another generation for redundancy in case of the main generation fault. When the main generation faces some problems, the redundancy generation will be stimulated by the signal and start to work to provide the electric for the relevant equipment.

Compared with no redundancy system, this mean really reduces the potential risk in oil and gas industry. Even though, it will cost more money to set up, the function to ensure the safety and reliability of the system is worth of doing.  

Dear all,


In my previous work experience I was send for a training with Yokogawa for thier DCS system. One think occur to my mind was is it useful of having the same equipment for redundancy?


In my opinion, certain equipment for example pump A1 when put into a redundancy with the same pump from the same manufacturer will leave it at risk of the same defects. For instance, the compressor onboard LNG vessel from a manufacturer tend to have the same problem when we carried out inspection for repair and maintenance. If say we are putting it  for redundancy, won’t it failed with the same problem?


I did create a report to top management to consider a total different redundancy structure (equipments and systems) to its improve reliability without jeopardizing the the system performance. For example, the DCS that I was trained with will have 2 line of 100base -TX ethernet cables, 1 for the primary system and one is for redundancy system. In my undisclosed company report, I found that if the cable to fail, they usually have the same root problem. 


Therefore, I think it is important to consider a different redundancies systems and equipments to give us better reliability.




Subscribe to Comments for "Topic 34: Can the application of Redundancy Increase Safety and Reliability in the oil and gas industry?"

Recent comments

More comments


Subscribe to Syndicate