What is Double Jeopardy?
Double Jeopardy refers to the simultaneous failure of two unrelated causes.
When assessing a scenario, a cause is considered to be independent if:
There is no electrical, mechanical or process condition that could link it to another cause and subsequently cause a common failure.
If the length of elapsed time between possible successive occurrences of these causes is sufficient to make their classification unrelated.
As outlined in API 521 6th edition section 4.2.3, designing a system to account for double jeopardy is not required but they can still be explored in a HAZOP at the discretion of the PHA team.
For example, designing a system for the simultaneous failure of a control valve and tube leakage is not required however it may be important to evaluate the simultaneous failure of two control valves in the open position in the case of a power outage.
Another important consideration is latent failures. These types of failures should be considered as an existing condition and not as a cause of overpressure. Double jeopardy scenarios cannot be applied if one of the failures is undetected, existing or if the failure would not have been detected or fixed prior to the second failure.
For example, if a check valve was stuck open, it may not be detected prior to the failure of a pump. Therefore, the simultaneous failure of the check valve and the pump would be important to evaluate for reverse flow overpressure.
Another example would be multiple pressure regulators in series. If a single pressure regulator failed, operations may not know about this failure until the second pressure regulator failed and an overpressure situation occurred in the downstream piping.