Oct. 20, 2021

023 - Risk assessment with Maximum Allowable Damage with Jaime Cadena Gomez and David Lange

023 - Risk assessment with Maximum Allowable Damage with Jaime Cadena Gomez and David Lange

Risk as a concept is well established in modern Performance-Based Design in Fire Safety Engineering. However, it comes in many flavours - from a simple calculation of consequences vs probability, through indexing methods and using some arbitrary measures (number of fatalities, cost of damage etc.). Most of these methods focus on the value or threshold of the risk... while my today's guests seem to focus much more on the process itself.

Today I'm happy to host Dr Jaime Cadena Gomez (UQ, Transurban) and Dr David Lange from UQ, who will introduce us to the Maximum Allowable Damage risk assessment methodology. Two unique things about this approach are:
1) you calculate the inherent risk of your building, and start working towards solutions from this point, making the whole engineering process better aligned with delivery of a *true* safety, rather than compliance.
2) you focus on the process and not on the measure. This means you understand the building so much better, can include other parties and authorities in the process.

If you are a Fire Safety Engineer you should listen to this episode. Even if the method will not be useful for you, the discussion is definitely refreshing.

Connect to my guests:
Jaime Cadena on Linkedin
David Lange on Linkedin

A short introduction to Jaime's work:
https://www.youtube.com/watch?v=_6YOBkS9Uds

Read more on the Maximum Allowable Damage methodology at:

Transcript
Wojciech Wegrzynski:

Hello, everybody. Welcome to Fire Science Show session 23. Another week, another great interview. As you may remember in session 20, we've hosted professor Brian Meacham, and we've talked about lots of concepts related to performance based engineering in fire safety engineering. And in one of the questions, Brian said that maybe, in FSE we should move towards other methods of calculating risks. Like something he called maximum tolerable loss and quite funny, because not knowing that one or two weeks earlier, I've booked my todays guests, and they're going to cover exactly that a method to calculate this maximum loss. They've coined it as the Maximum Allowable Damage, but the concept is very similar. What is the inherent risks related to the fire and The fire can cause. The method is really intriguing because I've learned that it's not just about the volume or or a limit or a goal in where the damage can be. It's about A) finding, what is the baseline inherent risk related to your building, and then starting from that, with your engineering. And B) not focusing on the value, but then the process itself and trying to learn your building while doing the risk analysis. It's really fascinating to look from this perspective and I think it could actually work. So, yeah, this may be quite quite useful. So for this episode, for this topic, I have two guests. First is University of Queensland alumni,Dr Jaime Cadena Gomez, who has finished his PhD on this very subject, Maximum Allowable Damage risk analysis methodology. And I also have his supervisor, Dr. David Lange, also from University of Queensland, who was also a great fire scientist, very fit to talk about the risk because in his scientific career, he also has touch to the risk concepts, in structural fire engineering. So a great topic, great guests. Let's not prolong this. Without further ado. Let's spin the intro and jump into the episode. Hello, welcome to Fire Science show today. I'm with two great guests. first I have a university Queensland alumni, and now network fire engineer in Transurban Mr. Heimer, or sorry, Dr. Jaime Cadena-Gomez Hello. Jaime,good to see you here.

Jaime Cadena:

yeah. Nice to hear you.

Wojciech Wegrzynski:

Great to have you here. And I ha and I have, UQ professor David Lange. Hi David, great to see you.

David Lange:

Hi, Wojciech good to see you. Great to be here. I'll just correct you very quickly. I'm only Doctor, I'm a senior lecturer here. Not a full professor, sadly.

Wojciech Wegrzynski:

Before the podcast goes live. It's now we joking. Ill work on it. Let's work on this. Great. Great to have you, David, how is it living downstairs in the other part of the world?

David Lange:

it's okay. It's a little bit hot sometimes. I'm Scottish and, I'm used to much colder climate than I get here. We're used to the weather after three and a half years.

Wojciech Wegrzynski:

I guess these are the things that can gets used to

David Lange:

Hmm.

Wojciech Wegrzynski:

So today we got together here to discuss some risk concepts and risk as a tool for fire safety engineers. A tool that is already being used in some cases, sometimes used wrongly, sometimes used well. But, as many things in fire, it comes in flavors and there are so many ways to approach that, I've touched it with Brian Meacham when we discussed Performance Based Engineering and this risk concepts are so inherently connected to the performance based engineering. At some point it seems to be the same thing. So, Jaime first question to you because you pursued your PhD in this topic. I wondered how did it start it? How did the things aligned for you seek a PhD in risk assessment and where did you identify the gap? In the current methodology that made you pursue this subject.

Jaime Cadena:

Yeah, thanks for the question. It's very interesting because, I guess I started exploring the concept of risk, way before I even realized I was doing that. Back when I was back when I was in university finishing my bachelor degree in chemical engineering, I started getting involved in fire simulations and the focus of that was process safety. So it all started with a small laboratory of chemical engineering. There have been a few small flash fires in there. And, my supervisor at the time, my, who is my mentor and it's someone I'm, I've learned so much from he suggested, do you want to research these as your, as your graduation project? And I thought it was very interesting and I did it from a purely chemical process safety perspective. So we had a few scenarios that were very well-characterized because it process . We analyze the consequences, not the likelihoods, because we knew it could happen to anytime it had already almost happened a few times, so we didn't care about the likelihood and I will return to that at some point. But we really cared about how bad things could get, because there were several million dollars equipment in that room. And that was the first contact I had. But then, once I went into, my professional career and I started working, I kept doing research and for, I don't know some reasons, I'm not exactly sure. I was still attracted to fire because I understood that fire was different in that first exercise. I saw that fire safety engineering was actually a thing. That's something that most chemical engineers. I don't know. And most process safety engineers don't know. So I started connecting dots and throughout my master's research, I started getting involved with professor Jose Torrero when he was back in the university of Edinburgh. And we started collaborating, I started using FDS simulations, but from the uncertainty analysis point of view, and I was still flirting with the idea of risk, but I wasn't consciously doing it. It was kind of in the background. When I finished my masters and I started working in consultancy and, things became less academic. I started realizing that a lot of the things that I saw in from fire, from where I was standing and the things that I saw in chemical process safety, they all had something in common. And I couldn't really put my finger on it. At the end of it. And as you introduce very well, it's risk and it's a common element just because risk is all around us. And it's a concept that should be very, organic to all the human beings. Right. We all kind of understand if you say that's risky, everyone kind of understands what you're saying, even though the definition is completely vague. Nobody can agree on the definition, but we all know what we're talking about. And we all do some sort of risk analysis in our heads all the time. So I was very curious about it. And just to finish. At some point, I realized, look, I really want to do more research and fire safety. with process safety. There's something there about risk assessments, this whole approach of quantifying risk. There's something that doesn't sit right with me. And I approach Jose initially, with that, and we discuss that and he said, actually, that's something that I'm concerned about as well. Let's do our research. And eventually I ended up working with David who became my main supervisor. And that's how I ended up doing my PhD in fire risk assessments.

Wojciech Wegrzynski:

So you became fire safety engineer by almost burning down your lab. That's an interesting way to.

Jaime Cadena:

Well, I wasn't the one who almost burned it down, was the one who tried to figure out how bad it would be. If it did burn down, it was real bad, actually.

Wojciech Wegrzynski:

That's a great pathway. And actually, in a classic theory of science, Kuhn style, it's very difficult for someone from inside of a discipline to change the discipline at whole. So, for fire safety engineers, it's touching is risk. It's like inherently connected to them and they learned that the classical way you have to come from outside from a different discipline and you came from chemical engineering with the process safety in your mind and apply that to fire. So that's the proper combination, how to change the approach. And David what's in the risk, for you. What were your thoughts when Jaime approached you with this subject, with Jose.

David Lange:

Well, that's kind of, it's interesting. And I think, Jaime did touch on that, that he initially did approach Then he didn't really give a little bit more give a lot of detail about the process whereby I became his principal advisor, but actually Jaime had a several principal advisors over the course of his PhD. So from starting off applying for the program here at UQ with Jose, while Jose was still, the head of School of Civil Engineering here, when Jaime arrived, it was shortly after Jose had left and Jaime started off working with one of our colleagues who left. just about a year after, I think Jaime started. Dr Andres Osorio who's a graduate of UC Berkeley's program. And, I started, but long before Andres left and , took over principal supervision of Jaime because it was most aligned with my own interests and my interests in risk. They stem from my PhD, which was the risk and performance based design of steel and composite structures for fire. Working with professor Usmani at the university of Edinburgh and also with Jose Torrero. Once I left Edinburgh, I spent six and a half years at SP as it was at that time, it is RISE as it is now in Sweden, working on European projects related to large scale crisis management or, Coile infrastructure resilience as well. I've also done quite a lot of work in collaboration with Ruben van Coil. And with Danny Hopkin of OFR on risk. So really learns a huge amount from both of them.

Wojciech Wegrzynski:

such a nice combination of chemical engineering perspective, structural engineer perspective, , let's say infrastructure safety perspective. Each of these disciplines would have a completely different understanding of what is the acceptable risk. Like, if you want to use risk as a concept in designing safety, you need to have a target, it's not possible to design for zero risk. There's always a meteor that can hit the planet and your whole risk concept is down. So, in many aspects, this pursuit of finding, risk, or using risk as a concept in design would go down to finding what that tolerable, level is, or where is the boundary for which you design. Right. And, I know some, some ways to do that. Sometimes it's a fixed value of risk sometimes it's, FN curve. It's probability against fatalities. Sometimes it's in terms of money. Sometimes it's in terms of some gains or some unbiased method of calculating what the gain would be. If you do a decision and in your PhD, Jaime you've introduced the concept of Maximum Allowable Damage, or you've applied that concept. And that's interesting, again, I'm going back to the, interview with Brian because that's, that, that was like really powerful for me. That lesson I got from him and, Brian told that if we want to incorporate like risk or PBD performance based engineering design in general, we need to apply some better concepts in finding the targets. And he mentioned like maximum, tollerable, damage or something like that. I guess it's like a very similar.

Jaime Cadena:

I was actually very surprised too, because I listened to the podcast uh, I was actually quite surprised to hear him say that. and I completely agree. Yeah, that's the Basis of my PhD. And, just to summarize it. There's so much uncertainty involved in designing a building for fire safety and you don't know who is going to be there doing what kind of field load, what the distribution is, and you can make a lot of guesses. They can be even educated guesses and you have a lot of even databases that you can use, but you don't know. You don't know. And I would like to have a conversation with, an engineer who thinks they, they know because, we don't know. And, even in my current role, at Transurban dealing with tunnels, all of these very complex infrastructure is designed within a very specific boundaries. And for fire safety is the same. As you said, there are some targets that we define, but most often than not, those targets are not really targets, but boundaries of where the system should be operating. And we designed for those boundaries. So if you have a warehouse. You will pretty much know how much fuel load and how it will be distributed. And that's the limit. Most likely you won't be able to have more than that, of a particular type of fuel load because your structure and your protection systems will be designed for those, for that particular distribution of load. So it's kind of that idea of the boundaries of the design boundaries that led me to that, concept of maximum allowable damage, which as you said, I didn't come up with that. It's just something that, we articulated because that has been used extensively, particularly in the insurance sector and the way they use it is different, but it's the same concept. So when they are going to insure a building or a piece of infrastructure, they want to know. If you do have a massive fire and a bunch of things fail and buy a bunch of things, everything fails what is the loss? Because we're going to have to pay for it. So will we actually be able to pay for it? And they do it from a more economic point of view, right? Because yeah, they're gonna pay for it. It's infrastructure is property protection, but the concept is underlying is the same. So what I wanted to explore with my research, was, well, what have you used that concept not for money, not for an insurance payout. What if you use it to actually identify the boundaries of your design and be very clear about what your building or your infrastructure can achieve in terms of whatever it is that you're doing protecting life or protecting property. Protecting the environment, protecting the firefighters, protecting the community surrounding that infrastructure, whatever it is you want to do, you can very well-define this is how much I am willing to lose in any of those objectives. And you can then design backwards from that. And I guess that was where I found my first clash with all the other methodologies, which has you said before we started there's so many of them and my intention wasn't to come up with the one that actually worked, because, that doesn't really make sense. I don't think that's the case. You need to select them and customize them, on a case by case basis. but what I did want was to provide an alternative that fits better with these framework of performance-based design because it cannot be just reaching a target. A target can be very deceiving. You don't even know if that target is really what you should be striving for while if you define the boundaries of the performance of your system, then that you do know. You will be able to make a safety case on that. You will be able to say, look, based on these conditions, the performance will be acceptable. The performance will be as intended. If you go out of those boundaries, I cannot tell you what's going to happen. I'm very sorry. And most likely the system will operate at some point outside of those boundaries. But, that's a whole different problem. You will need to control it somehow. But as long as you remain within those boundaries, happy days, things will work. And I guess that was for me, the main takeaway of the research I did. Necessarily hitting a target because of that, that might not really ensure anything. It's more about saying we're going to have vulnerability. We're going to have some boundaries. How do we say within those boundaries and where those boundaries lay

Wojciech Wegrzynski:

So if I understood correctly, this is more oriented on figuring the outcomes of the fire events and, quantify how bad that can be. And then, based on your decision, how bad you would like to do allow the fire to be ,then design around that, not just calculate the risk value of in whatever form it is to say, okay, it's below my risk limits. So, it's good. If it's much below, I can cut some stuff. If it's little above, I can add some stuff. So it's more focused on this like critical path to the worst case scenario.

Jaime Cadena:

Yeah. Yeah, correct. So if you think of a compartment inside a building and you have a fire and that fire is going to start producing both heat and smoke, then you need to figure out, well, what are the consequences of that smoke being producing that compartment? All right. Maybe that will be acceptable. Maybe it's a storage room. There won't be anyone. You will just lose property. All right. Fair enough. But let's say that the heat is enough so that you actually lose structural integrity of the door. And now that smoke is moving into the rest of the building. How far are you willing to accept that smoke, to travel and to accumulate before it causes trouble to the occupants? And I guess these are very basic concepts of fire safety engineering. This is nothing new, but, The difference with maximum allowable damage is that we really push those boundaries of how bad things can get to understand what the building can actually do, in terms of performance. So to give you an example, my first case study in the PhD was a multi occupancy building. And, we had a fire anywhere in the building. And what we did is, well, the fire doors are not going to be, available. They're going to be open because we know that can happen. Nobody can ensure that those doors will work for sure. And of course, if they are there and they work great, that's amazing. And they should be there, but we need to understand if they do fail for whatever reason. If that happens, will the building be able to perform. As good as we wanted to, in terms of in that case, it was life safety. And we found out that it is feasible to design the building to achieve that performance objective. So it's just a matter of how you frame that and how you use the concept of risk to get there. And if you identify that, actually you cannot achieve it. Then you can start modifying the design or imposing operational rules. You can start saying, well, building is not gonna going to be available for these many people. It's only going to be restricted to these amount of people or for these fuel load, whether you can actually control that or not. That's a different problem, but you, as a fire safety engineer will be able to draw those lines and say, look, this is what I can design for. If you can manage that in the real operation. Then you can go ahead. If you cannot, then you need to redesign it because this is not working. And that was kind of the main idea.

Wojciech Wegrzynski:

Let me stop you for a second. I'll just quickly explain because, we have a varied audience in the podcast from combustion engineers to evacuation people. So, with the basic concept of riskwhat Jaime means is that we usually results to quantify, the general probability of a certain size of a fire to happen in terms of how often per year it would happen. Then you would calculate how much people it will kill through some methods like in CFD. Sometimes its just tabularized, sometimes use zone modeling for that. Sometimes you run a Monte Carlo for that, but you generally, you have to combine the probability and the consequences. And once you get that. For a fire that happens once in a year, no one dies for a fire. That's probably in like one in a hundred years, 10 people dies. You end up with some value of risk when you multiply them together. And when you have that number, it's a matter of local acceptance. What kinds let's say risk value is acceptable and you pretty much stop there. You reach that number. That's the end of the risk assessment. Of course, I think you can still go like somewhere where you went with your methodology that, you could seek, reducing that risk. You could see alternative pathways and I've seen that in many places that, this is used, but in, principle, in engineering, you just seek that value and that's it. David, David wants to comment, go on. Yeah.

David Lange:

I just wanted to say that, with focusing on the consequences, the way that Jaime does it's almost looking at the inherent risk in a building. So it's almost taking a concept from another, from other engineering disciplines to understand what is the inherent risk? What is the, when you strip out all of the controls, all of the fire safety features in the building, there are controls that help to reduce the risks they help to manage the, both the consequences and the likelihood of the occurrence of a significant scenario. A scenario that challenges the fire safety strategy in the building. If you strip all of those out, then what you're left with is the inherent risk that's inside of the building. Once everything else has failed. And that's, that's really the concept that Jaime's calculated tending towards, I think it's probably the best way to put it. Once you've calculated the inherent risk, then you can start to fit back into controls to optimize. The fire safety strategy to get below sometimes some kind of a target F-N curve, if you, if that's what you're doing. But I wanted also to comment on the idea of targets curves as well. The idea of having, a target risk that we need to design below is, it's maybe a little bit counterintuitive, in some respects, what is a tolerable risk will not be the same from one stakeholder to another. Okay. So, there's a significant dialogue that needs to be had with all relevant stakeholders with members of the public, with policy makers, with fire rescue authorities, with the owners of the building, with the insurers of the building, it was very significant dialogue. And if we set a target level of risk. Before we even go and do any kind of engineering analysis, then what we end up doing is we focus on demonstrating compliance, as opposed to demonstrate on the performance of the building or understanding the performance of a building. And that process of demonstrating compliance leads you down a potentially very dangerous pathway, especially when we're dealing with the very low, apparently very low probabilities that we often talk about in fire safety engineering, where you can tweak the one number one way or another way to make a slightly different assumption, which on the face of it seems reasonable, but all you're really doing is demonstrating it to compliance, demonstrating compliance of the design, as opposed to really understanding the performance. The point that I'm trying to get at is that if you go down the route of trying to understand the performance, as opposed to demonstrate compliance, then you can have a conversation with all of the stakeholders about that performance and understand is this a risk that you are willing to tolerate as the state.

Jaime Cadena:

Yeah. And, on the back of that, If you do an analysis where you understand that inherent risk and you're happy with that risk, you're willing to accept that you have a conversation where different stakeholders say yes, even when all of these different things fail, we're willing to accept that risk. That's a very different scenario than the one that David was describing. When you just somehow achieve a number that combines these two concepts of likelihood and consequence, you somehow end up with this number, which is fatalities per year. And because you achieve this number, then you're in a situation where you pass, where you are between quotes safe and. The reality is not that. building in the world will stop burning because you got a number right on your calculation. That's not going to stop any building from catching fire. That's not going to stop things from going wrong. That's not going to stop scenarios from happening, just because you didn't think of them. And, at the basis of both approaches both what I came up with in the PhD and in a more traditional risk assessment, you have the same problem. I need coming up with the scenarios and that's why in my methodology, we were pushing for the most challenging scenarios possible because at least that gives you a sort of boundary for that inherent risk. But when you do a more traditional approach, you rely on your expertise and your previous experience. To come up with the scenarios and how many are enough? Are you actually capturing all of them? What if this is the first piece of infrastructure that is built of this type? Nobody will have any reference for this scenarios. So assuming that you will be able to capture all the scenarios that you need to actually demonstrate an acceptable risk it's in itself, basically in viable, you won't ever have enough time people and money to explore all those different scenarios, to run the calculations for all those different scenarios. So you have to hand pick them. And this is at the very bottom or the very core of any risk assessment. You have to pick the scenarios that you're going to be designing for, that you're going to be exploring further. And it's a. Qualitative, very subjective driven process. And so far we haven't come up with any other way of, identifying the scenarios. It relies on us as professionals to determine them. So when you open the door to a target, achieving a target, you need to start questioning well, which scenarios did you pick to get these numbers that you got at the end? Are these, the scenarios that actually matter or not, maybe in those scenarios, you're just assuming that all the systems will be working as you intended all the protections, everything the people will be behaving. And this is something that Brian mentioned, people don't behave as we expect them to do. There's a lot of things that won't happen in the way we design for. So when you design for that and your justification for it being acceptable is that it's very unlikely for example, that the likelihood, is extremely low, yeah. These can be really bad. These might be able actually to kill a lot of people or collapse the building, but the likelihood is so low. You need to question what is the basis for that likelihood? And if you look at the work of Ruben that you mentioned before, that's a very strong basis. That's a very, very strong basis because you're analyzing the I'll system and I'm by no means I have any knowledge of structural engineer, but I can see how that is a structure. Those scenarios are structure from the basis, from the fundamentals of structural engineering. When you look at. You potentially doing, in a probabilistic or quantitative risk assessment in a building, the way that you structured those scenarios is very loose. It's very hard to figure out exactly who is going to come up with the scenarios and how you're going to check that those scenarios are actually good, which is what they call design fires. And there's no answer for that one. So yeah, going back to my, that methodology, we developed with David and Jose, that is something that you can hold onto because you will know that's at design boundary. You will be able to be held accountable to that boundary while with the likelihoods, you rely on a lot of databases and a lot of information that most often than not is simply not available.

Wojciech Wegrzynski:

Okay. But when you are seeking that, Maximum Allowable Damage. If you're seeking this inherent risk of the building, you still have to do some assumptions of how the fire can go in that building to find that inherent value. Right. So, to what extent it is, like scenario sensitive

Jaime Cadena:

Yeah. So that's actually a great question because that was a part, as I said, that was at the core of the risk assessment. And during the process of the PhD, we were always questioning ourselves, how are we actually going to deal with this? Because we can come up with any sort of approach to quantify the consequences and to justify why we're not taking into account the fire doors, for example, which most people would say, that's crazy. Okay. We can justify it. What about the assumptions underlying the scenarios that we did choose. And we got some inspiration from someone who actually, Brian also mentioned him Henrik Gellan in Norway and, they, they are from the University of Stavanger and, particularly professor Aben he developed a concept, basically what he said is in a risk assessment, you make all these assumptions, including, the scenarios. So you need to have some sort of additional tool to control how good those assumptions are. And because of the definition that he uses quite often of risk includes not only likelihood and consequences, but also the strength of knowledge, basically how much knowledge. Underpinning the whole assessment. That's where he got an additional tool, which is the strength of knowledge. So basically in my methodology, in Maximum Allowable Damage, what you create while you're doing the risk assessment is that you create a library of assumptions and inputs and parameters, and you start judging how good your knowledge is about each one of these, which is I admit quite what would you say that very intensive work to do? Because basically you need to check yourself all the time. So when you come up with something with a calculation, you need to check, Hey, wait, which parameters are involved here? Are these conservative, or are these very optimistic? Is there an alternative parameter here that I should be taking into account? And you create these library and you judge each one of them and by judging how good your knowledge is for each one of them. And another thing is how each one of them can affect the end result. So basically the sensitivity, which is what you were asking about. Then at the end, you have a library of inputs and parameters and assumptions, and you will be able to prioritize them and figure out there is a set of inputs and assumptions that can change my result dramatically. And I don't know too much about them. So these set of inputs and assumptions, I need to do something about it. And that's when they engineering comes in

Wojciech Wegrzynski:

so you mean, scenarios that would be like they would show high sensitivity. And at the same time, let's say low strength of knowledge or moderate strength of knowledge. These are the ones that are interesting for you the most, right.

Jaime Cadena:

Yeah, correct. So at the end you might, and this is also another thing is not on a path a, to B it's rather an iteration process. So you start with a scenario, you come up with how that scenario, you can actually model that scenario. And of course we focus on consequences, but there can be also, probabilistic inputs in there. And when you do that library of inputs, parameters, and assumptions, and you judge how much you know about them and how much they can affect the result, then you might need to say, okay, I need to go back. And I actually need to come up with additional scenarios or additional simulations or additional calculations. To see whether I am missing something. And that touches on an important point, which is the peer review. So these library that you come up with is a very important tool for you to hand over to the peer reviewer and say, look, these are all my assumptions. These are all the things that are the basis for my, for my risk assessment. And you can challenge these if you want. And if you find something that is not right, that's fine because that means that we will improve our understanding of risk. So it's not kind of like these pass or fail approach is more on the approach of actually building up those boundaries. And I go back to that idea of boundaries, but as David said is about understanding the inherent risks that you're designing for.

Wojciech Wegrzynski:

David in the large part, that sounds very similar to some structural concepts where you seeking, like in Eurocode seven, when the building will fail after a progressive collapse where you find the worst case. And then you also seek this worst scenario. So what are happening? Can you draw some parallels here to the existing methods that, people could take from like civil engineering?

David Lange:

Yeah, that's an interesting point, Wojciech, I guess you're talking about things like robustness of a structure or a disproportionate collapse in response to an event.

Wojciech Wegrzynski:

of loads and everything.

David Lange:

I think it's fair to draw parallels to some extent between those concepts and what Jaime is talking about. is actually done with the methodology is once you strip out all of the active controls, which is what he's doing, once you strip out all of the active controls. If your design is going to be able, if you're, if what's left of the fire safety strategy, the compartmentation, the egress strategy and so on, if that is able to support, level of performance or provide a level of performance that is acceptable to all of the stakeholders. Essentially what you have is a very, very robust design. And what I said before about everything else just becomes optimization. Because then what you do is you start to reintroduce the controls. You start to reintroduce, for example, sprinklers thought about closures on the doors. All of those things, provide, an optimization. They reduce the level of risk, the residual risk in the building. Once you start to, think about the risk of the building, a fire safety risk in terms of inherent risk and residual risk. and what you're going to end up, ideally, once you go through that optimization process as well, is that the damage to a building is not disproportionate and that could form not disproportionate to the initiating event that could easily form a part of that optimization strategy. So you you're totally right to draw a parallel there. one of the things that I think is important here is. you did touch on this when you introduced him as well as that Jaime's come from a different discipline, which has got a very mature application of risk assessments into fire safety engineering, where I think that, there's definitely some work that could be done to improve the way that we're applying risk assessments and fire safety engineering.

Wojciech Wegrzynski:

You mentioned the scenario where is inherent risk is let's say acceptable and then you can work. But what if you find out that it's absolutely unacceptable? if there is no safety measures, everyone dies in the building or something terrible happens. What

David Lange:

So what we're not necessarily talking about as acceptable or unacceptable is. So one of the important things about risk assessments in other industries is the process itself. Okay. So the process going through the process of conducting the risk assessment, understanding what are the inputs to the performance of the building, understanding the inputs that give you the scenarios that you're going to design the building for, those will inform the decisions that you ultimately take as to , what is acceptable and what is not acceptable. This is partly related to what I was talking about before in terms of one risk, but there was not a level of risk, which is acceptable to all stakeholders. Okay. The process here is really just to inform, it's a part of a tool to inform the decision making process as to whether or not a design is acceptable to all of the things. So if you take for example, in the UK, and I'm not going to be able to speak to this with a great deal of authority at the moment, but if you take, for example, in the UK where the HSC, instead of setting themselves up as an authority, essentially for as part of the risk assessment process for a high rise, residential buildings. What you've got is a risk assessment process where they're being informed, by the inherent risk in these HR RPS, uh, as to the level of performance. And they're using that to make a decision as to whether or not additional controls need to be for them.

Wojciech Wegrzynski:

so in the end, just doing the process already, uh, highlights the risks or the possible

Jaime Cadena:

blind spot seem the

Wojciech Wegrzynski:

blind spots. Okay. And you focus more on like really unraveling these blind spots and seeking the solutions for this rather than, just passing a threshold and you know, being safe.

Jaime Cadena:

Yeah. Well, before we started recording, you were mentioning something like that. If you do a risk assessment really well, you will be able to find a variable, for example, having a deluge system or not having a deluge system. And whether that actually makes a major difference in those boundaries that you're designing for. Those are the things that we should be looking for. We shouldn't be looking at justifying designs. We should be looking at understanding what the design requires to perform to a particular degree. So yeah, that those blind spots or those very essential variables that can actually have an impact on the performance. Those are the things that we really need to look into. And one of my fears and David mentioned these before is when you introduce likelihoods in a very mechanistic way, and you start combining consequences, which in fire safety engineering are very hard because modeling fire is not easy. And you had a whole podcast with Wolfram about this, and it's very clear that modeling consequences is very hard and still that something that you would say, that's one of the things that we do really well in fire safety engineering. Now, if you introduce modeling likelihood, And coming up with scenarios because you don't need to come up with one or five or 10 potential. You're talking about if you really want to do these the way they have done it in other industries, you're talking about hundreds of scenarios that include all sorts of different combinations of those controls, working on the conditions under which a scenario takes place. So if you really want to go down that path, the requirements that you will have for the professionals involved are completely different. You're not only talking about modeling a fire. You're talking about constructing a whole basis of knowledge, of both likelihood and consequences. And one key thing that I remember Jose telling me halfway through the PhD is you have to remember that fire scenarios are not an input. Fire scenarios are an output. You start with an idea of where you might have a fire and you start exploring what that could lead to. And you end up with the fire scenario, but you might have to do some calculations. And a lot of brain work to actually figure out what the scenario is going to be. So that's a major difference between a fire say in a chemical. And a fire in a building, the scenarios are not evident. So you cannot just say, oh,design fires and check that step is covered. No, they actually required each iteration and checking those blind spots. So all of those things kind of led us towards that idea of maximum allowable damage instead of just, just another way of hitting a target.

Wojciech Wegrzynski:

This is very powerful, what you've said. And, uh, I think Jose nailed it, with the sentence and, in some of Brian's work, it was also said that the scenarios are inherently connected to the course of the fire in the building, the building itself, you cannot just take a scenario outside of a building and put it into the building because that's very artificial. However, this is where it starts to be complicated in the real world. You know, if you are an engineer and you want to craft a building, this is where the work starts getting tough, because if you have a set of the design scenarios for which you design, It makes your work more organized, simpler, like, you know, that you have done all 15 scenarios. You're good. And this is how it's implemented in New Zealand. CM/V2 method. That's how it is. I've mentioned, in the green room TuRisMo risk assessment method for tunnels. And it's like that, there as well, you have an 18 scenarios for different fires and chemical releases for which you design and they more or less covered this whole spectrum. You know, it's a problem between having a methodology that's ultimately great and methodology that's, easy to use, for majority of engineers.

Jaime Cadena:

I guess the solution is somewhere in between, because fair enough. We cannot come up with all the scenarios. And I think I said to myself, that's an impossible problem to solve, least now, maybe I don't know, in five years or 10 years with the way artificial intelligence is going, I hope not, but, it would be very scary to leave a machine to figure out which fire scenario, we're gonna have to analyze, but fair enough. That's an unsolvable problem. You need to come up with a basis of, as an initial set of scenarios that you're going to design for. But that's basically the same thing I started, at the beginning of the podcast, which is fine, select 15 scenarios, 2050 scenarios, five that's. Those are your boundaries and do a really good work, take each scenario and really understand how much you know, and how much you don't know about those scenarios. See where the sensitivities are and explore the hell out of them. Each one of them that will give you a basis for design. And that will give you those boundaries. That's what you can do. Go ahead. David has something to say.

David Lange:

Yeah, I'm super excited. I've been sitting here waving at the camera for awhile. no, I just wanted to say that one of the issues though. And so the way that you described that Wojciech was really good. You talked about an engineer, crafting a building. It is an inherently creative process. There's a great deal of creativity. It's an explorative design process. Certainly should not be the process of taking a building, which already exists and demonstrating compliance with that building. It's a creative process. You're right. That craft is a very, very good word for it. We get back to the discussion about, demonstrating performance of a building as opposed to demonstrating compliance, demonstrating performance is what we're trying to make a case for here, as opposed to demonstrating compliance again. And the problem with, if you try and demonstrate compliance or even demonstrate performance, actually by taking a preselected or predefined set of 15 scenarios, all right. That predefined set of 15 scenarios, who is who's come up with those, where if they come from they've come from the experience of the profession, they've come to you from the experience of regulators as to what are the scenarios which have led to potentially unacceptable losses or unforeseen losses in the past. if you look back probably before the mid to the early two thousands vertical fire spread through, external cladding systems. Wasn't a foreseeable scenario. By effectively excluding the use of combustible cladding we had eliminated that as a possible scenario. So we never needed to consider the effects of vertical fire spread on the evacuation strategy of a building. All right. That, wasn't the scenario we need to account for. It now because that's front and center of our minds at the moment that sits in our head that we consider where's the next scenario that we haven't yet seen, that leads to unacceptable performance in our building. What is that scenario and how can we be sure that just by considering these 15 scenarios, we're actually addressing the effects, but the potential impacts of that 16th scenario, that next unforeseen scenario, this goes back again to, the idea of, or calculating or determining the inherent risk of the building, understanding what is the worst possible performance that we can have in this building.

Jaime Cadena:

Very excited about hearing you say this, because taking the experience from a chemical process safety, we have a list and we have some books , and even legislation that tells us these are the type of scenarios that you will expect, say in a gas processing facility. But you don't have a predefined list of scenarios. You have to go through that very painful creative process. It's a brainstorming process. And they're actually defined as brainstorming exercises of putting together all the design engineers, electronical, electrical, control and instrumentation, chemical mechanical, and you brainstorm the scenarios. And, you know, as a facilitator of these exercises, you know, which type of scenarios you're targeting, but you don't know the exact scenario. And that creative process is the first step in coming up with a plant basically. And with the safety features that plant will have, it's a very creative process and you cannot really jump at or skip it by saying, well, this is a gas processing facility. Here are your scenarios because each facility will be unique. And there, there have been even studies where they have compared the same exact plant in two different countries. And the risk is not the same.

Wojciech Wegrzynski:

That's interesting because I was just thinking about how we design bridges and you have this set of, at least in Poland, you have a set of standardized bridge designs that you can, just pretty much use adapted slightly to your needs, but it generally is it comes pre designed and you know what this bridge will hold or whether the performance parameters of that. And you should just build that bridge if you need to cross a highway. And if you need to build a landmark in the middle of your town, you go and fully design that from scratch. And at the same in here, like in fire, we will not be able to use this complex methodologies for all buildings. And I don't think we should be because, there are many buildings that we could call common. you've investigated some residential scenarios in your PhD, but I'm sure you could come up with some common designs for small to medium residential buildings for which you could actually do this super complex methodology, go this iterative process, build your library, have the library pre peer reviewed, and then share this as the worked out example for a common case. And then like, it could be a starting point for an analysis of a different person that, okay, this is a common case. Let's check out if the scenarios here are the same that I would expect in my, what are the scenarios that I don't expect it to happen? What are the scenarios that are outside of this analysis? And then, build on that. And that would be quite an efficient way, to design a common building.

David Lange:

I was just going to say, I mean, but you still have in what you're describing or you still have that creative process, you still have that branding brainstorming process. There's still a need. In what you're describing,

Wojciech Wegrzynski:

it's not, that you can take it from the shelf and just print the print of the building. Yeah. You, but you would need a starting point, you know?

Jaime Cadena:

Yeah. It's, it's the challenging components of the process are what matter? The mechanistic parts of the process are not important. Arriving to a number, getting the nice FN curve. All of that is not important. The important part as David highlighted is the understanding. And if we don't understand the inherent risk, which is the basis, and I didn't clarify that, but that's the starting point of building a chemical plant as well, understanding the inherent risk. And then you create layers of protection around that inherent risk. So if you don't understand the inherent risk, you cannot pretend that an FN curve isn't going to provide you with enough evidence to say that a building's going to be quote, unquote safe. It's just giving you a number that doesn't mean anything else. And you need to start digging into the scenarios, into the assumptions, into the models that you selected, the way that you run those models. And that can become basically a, forensic process if you're a peer reviewer. And if you don't have. A very structured way of presenting the study, which is one of the things that we strive for when we came up with Maximum Allowable Damage. These has to be something that can be packaged and can be systematically investigated by a peer reviewer without having that person say, what the hell did they try to do here? Or how did they come up with this? Or no, it has to be very well structured and say, here are my scenarios. Here are the sensitivities. Here are the blind spots. This is what we've calculated. And this is the end result. These are our design boundaries. This is what our conclusions. So that's one of the other problems, that the experience in chemical process safety has shown that when you have one of these very complex risk assessments, if you don't specify a good structure for them to be, carried out when you have a peer reviews, usually from a government body or from the state body. If you don't have it, well-structured to begin with, they cannot do anything with it. They just have to make a choice of whether they want to believe in it or not. And that's not a good way of figuring out if a system is going to perform well. you really need that peer reviewer to be able to understand the whole workflow and to also be part of that journey of understanding the risk, not just saying yes.

Wojciech Wegrzynski:

And for the final thing, I'm not sure if I missed it or maybe it's not in the method, but how does the method, interlock with like other branches of engineering, because you don't want to design fire safety engineering in a silo. You don't want to be, in your bubble where you would do all of this and then comes the, structural engineer and the changes the outline of the floors or worse, there comes some other engineer who turns your facade into a combustible hell without you knowing. So where does this interlock with, with the rest of the building engineering,

David Lange:

I'll have a go that's first. Again, very good question Wojciech. and it actually speaks to a concept which is gaining a lot of traction here in Australia, which I think is quite common for a number of, high profile projects and poorly in a number of different jurisdictions as well. Besides your holistic design, where the fire safety engineer is involved from concept design all the way through with completion and handover of a building, interacting and interfacing with all of the other, engineering disciplines. I think, one thing that's important to recognize with fire safety engineering is that we're in a very, peculiar place potentially is the right word for it. In comparison with some of the other engineering disciplines and that we were able to impose additional requirements on, for example, the structural engineer on the facade engineer, on the mechanical engineer, on the HVAC engineer. Whereas not all of those other engineering disciplines have quite such a potential to influence all of the other members of the design team. So the role of the fire safety engineering, the design team, uh, can actually be quite central and bearing in mind that it can be quite central. The argument for fire safety engineers to be involved from concept design through to completion is very, very clear and having input in all other aspects of the design is quite clear as well. The benefits of them having input at all stages as quickly. I think,

Wojciech Wegrzynski:

And as the design evolves, you can come back to this inherent risk and just compare with that and see if you worsened or improved things. Jaime? Want to add something to this interlock?

Jaime Cadena:

One thing that we didn't touch on is the probabilistic part. And, we did get a lot of fire thrown at us because of, being perceived as advocates of only deterministic analysis. And that is not the case. And actually one of the final case study of the thesis, was more of a property protection, kind of a case study. And, uh, it was a structural. So that was quite a challenge for me. And I was really thankful that I have David guiding through it. Although it was a very simple case study, but because he was structural, we could actually play with stochastic inputs. So it was maximum allowable damage. We were trying to figure out the inherent risk in that design, but we were able not to just get one single answer, which in this case was property loss. So it was just not one number, but we could actually get a distribution of loss. And that distribution came from those stochastic inputs, which had to do with the mechanical properties of the roof beams and so on. So I wanted just to add that, just to make clear that all of these is compatible with that stochastic information were available, but we don't go into this realm of coming up with how likely is a fire here instead of here. Because as I said at the beginning, and I guess we go full circle, we don't know.

Wojciech Wegrzynski:

It's a good, closing point that there are still challenges. Well now Jaime, David. Thank you for introducing us to the maximum allowable damage, risk assessment methods and work we're doingat UQ. I'm going definitely to refer, the listeners to your PhD thesis, which is very rich in examples and everything. Yeah. Thank you for coming here and sharing this interesting insight. And, we've agreed to that before I had the interview with Brian, Brian mentioned that, such a method would be very needed, so I'm more than happy to present it at the podcast well. Great minds think like, guys, thank you so much for being here and yeah,

Jaime Cadena:

Yeah.

Wojciech Wegrzynski:

that's,

Jaime Cadena:

Thank you Wojciech

Wojciech Wegrzynski:

we'll need to catch up, uh, at some point to see how it went out, if it got traction and where did you develop it further? Because I don't think that's the, that's the end of it. I hope it's a beginning of a whole new chapter in fire safety engineering. Thanks

Jaime Cadena:

hope

David Lange:

Hopefully. Thanks Wojciech

Wojciech Wegrzynski:

And that's it. I hope you liked it. As I've mentioned in the brief introduction to the talk, to change the scientific discipline, you have to enter it from outside of it. It's not possible to change the scientific discipline from inside. And that's what Jaime is trying to do. He's been a process engineer, chemical engineer learned his craft in that discipline and then jumped into the fire. See how this knowledge can be applied. And as you see, it leads to some very, very interesting concepts. In fire safety engineering we so often focus on the trash hold values, the goals, you know, the numbers written in our codes towards which we pursue, and we push the craft while sometimes we forget what the craft is about. We sometimes don't think about the changes we do to the building. Go with them blindly just to meet another deadline, another threshold, another goal. To seek this methodology that is absolutely focused on the process itself, learning the building, discovering, going through iterations to find the optimal safety in the. That's truly fascinating. And I think it could lead to a very, very safe design. Obviously there's challenges and I'm more than a word of that. It's going to be time-consuming. It's not going to be applicable to every building. I think it also leads to creation of a catalog of standardized buildings with this very well done risk analysis. That could be a starting point for further analysis. If that will be the case, the thing would not be as time-consuming and would lead to very high quality risk analysis for the buildings. So maybe we should try. That's I think that's a, quite a good concept. And maybe if I find a keen student, I'll push them towards such an analysis. Let me know what you think in the comments or on Twitter. I'm very keen to hear. What are your opinions about where could we go with risk analysis and fire, or maybe where should it go? So that's it for today. I hope you've enjoyed this episode. And as usual, I'll be waiting for you with the next one on next Wednesday. And again, I have a great guest. it's going to be U Q University of Queensland again, so, but I'm not going to tell you who that's that's that's the mystery. I'm sure you're going to love it and, yeah. See you next Wednesday. Bye.