Robustness is an emergent property of a system that requires careful ordering and balancing of sub-system requirements and interactions to build resistance to the initiation and progression of hazardous events, such as the crossing of limit state thresholds. When subjected to a scoped perturbation, a robust system should not cascade out of control or experience disproportionate responses. Robustness is not a new concept, and many codes already have robustness measures implicit in them. This means that even standardized, code-based designs that meet only minimal functional requirements inherit significant robustness from the codes used. But technology changes, applications differ, and no code is perfect, so regardless of any existing measure, care and effort should be expended to identify risks and failure modes that may exist outside the scope or range of any existing code, and additional robustness measures should be introduced if they are found necessary. Also, simply designing components to meet ever-higher performance levels is not an adequate guarantee or measure of robustness, because floating production systems are complex, with sub-system interactions and co-dependencies that are not always understood or, in some cases, even identified. Fixing a local component problem can lead to unexpected consequences elsewhere. Instead, robustness must be addressed at both the component and the system level in a balanced approach that results in the highest possible level of overall system robustness.
This Bulletin identifies three levels of robustness: operational (R1), survival (R2), and reserve (R3). These three levels form a continuum spanning the state space from the edge of a project-defined safe operating limit (SOL) up to the point of system failure. This Bulletin encourages the use of systems engineering methods to define the boundaries, interfaces, and structure of a system. Proper problem definition that satisfies mission objectives and business needs while minimizing the overall stress on the system is beneficial. HAZIDs can be used to identify risks and determine management strategies. During design, these strategies should minimize the available pool of hazards from which a hazardous event can initiate. During operations, these strategies should erect, maintain, and adapt barriers against the initiation and propagation of a hazardous event.