Are you in control of process safety? Basis of safety assurance can provide the answer


Loss Prevention Bulletin 231, June 2013
Safety practice

Phil Eames, Eur Ing BSc CEng FIChemE, Eames Risk Consulting

Summary

Effective process safety management requires a thorough understanding of process risks so that the means to prevent and control them can be put in place and maintained. Structured techniques such as hazard identification (HAZID) and hazard and operability study (HAZOP) are used to identify major accident scenarios and how they are prevented or controlled. The description of major accident scenarios and the means to prevent and control them (the layers of protection or barriers) is often termed the basis of safety.

The purpose of a process safety management system (PSMS) is to provide a framework of high level procedures (risk control systems), the object of which is to maintain protective equipment and procedures in a healthy state. Therefore many organisations, when they seek to assure themselves that process safety is being managed appropriately, base this assurance on auditing of the PSMS.

However, process incidents are almost always caused by failures of multiple risk control systems at a detailed level. The potential interactions between failures in different systems are often not visible at the level of the PSMS, which is normally constructed of distinct generic elements (mechanical integrity, incident investigation, management of change etc.). Auditing of distinct PSM elements may not identify the potential for an incident due to such interactions. Moreover, PSMS are nowadays tending to become more integrated with occupational safety management systems, environmental management systems and quality systems, making their role in the prevention of process incidents potentially less visible at system level.

Given that the prime concern in process safety management is to prevent process incidents from occurring, it makes sense to devote some assurance effort directly to the scenarios themselves and to their specific layers of protection. This is the essence of Basis of Safety Assurance. Whereas auditing addresses the component elements of the management system, Basis of Safety Assurance seeks to challenge the effectiveness of the process hazards analysis and of the layers of protection for specific process incident scenarios, thereby providing direct assurance that the preventative and protective measures are in place and working. This is not to suggest that auditing is not a necessary or effective tool, but focusing on an organisation's key process incident scenarios can be a very direct and cost-effective way to provide assurance that process safety is being managed appropriately, complementing traditional audit-based assurance processes.

This paper describes the Basis of Safety Assurance technique and the experience of its use. It explains how the technique can be used to enhance an organisation's process safety management programme.

Keywords: Process safety management, basis of safety assurance

The limitations of audit-based assurance

Traditional process safety assurance or governance systems are based on audits of the process safety management system. However, in many organisations the components of the PSMS form part of a larger safety, health, environmental and possibly quality management system, and may not be distinguished from components designed to control personal safety and health risks. This means that the focus on process safety may be diluted or obscured by the larger management system.

Even if the PSMS is a stand-alone system, or is visible within a larger system, auditing focuses on the system as a whole and not on the control of specific risks. Auditing is often undertaken on an element-by-element basis, which is likely to miss the potential interactions between failures in elements that characterise complex process safety events (as represented by the Swiss Cheese model). Moreover, even within a single element, significant audit time is normally spent on understanding how the element is managed and relatively little time is spent on detailed field verification. Field verification aims to confirm that the system is in compliance (for example, that trip testing is being carried out to plan), rather than to test that the system is effective in protecting against the risk of a specific scenario (for example, the trip is identified as a layer of protection in HAZOP, there is a written test method, the trip test method is an end-to-end test, faults identified in previous tests have been corrected etc.).

Layers of protection and process safety vital signs

In his book on the management of complex process risks, James Reason [1] wrote of the need for proactive checking of the process or plant ("the system" as he describes it):

"In the absence of bad outcomes, the best way - perhaps the only way - to sustain a state of intelligent and respectful wariness is to gather the right kinds of data. This means creating a safety information system that collects, analyses and disseminates information from incidents and near misses as well as from regular proactive checks on the system's vital signs (my capitals). All of these activities can be said to make up an informed culture, one in which those who manage and operate the system have current knowledge about the human, technical, organisational and environmental factors that determine the safety of the system as a whole. In most important respects, an informed culture is a safety culture."

The state of health of the layers of protection is very much the "vital signs" of the process in relation to major accident scenarios. If they are specified and designed correctly, maintained and tested, then the process is safe. Proactive checking that layers of protection are in place and healthy provides exactly the current knowledge of the state of the plant and the organisation that Reason holds to be so important.

The basis of safety assurance event

The testing of the state of health of layers of protection for specific major accident scenarios is the centrepiece of a Basis of Safety Assurance event, a generic agenda for which is shown in Figure 1.

The initial part of the event aims to understand the major accident hazards associated with the process by discussion, field visits and review of the process hazards analysis (HAZID and HAZOP documentation). This would typically take one day, during which time an assessment of the quality of the site's process hazards analysis and documentation of the basis of safety is also made. It culminates in the selection of specific scenarios to be subjected to detailed assessment, sometimes termed a "drill-down" or "deep dive". It is useful to select a range of different types of scenario if this is possible (fire, toxic release, environmental etc.), so that many different types of safeguard are subject to assessment (pressure relief systems, instrumented protective systems, passive and active fire protection systems, secondary and tertiary containment systems etc.).

Figure 1: Basis of Safety Assurance Agenda

Phase: Preparation
Day: 0
Activity: Arrange for immediate access to key personnel and information during time on site

Phase: Introduction
Day: 1
Activity: Introduction to process safety on the site; review of major accident risks; site tour; examination of process hazards analyses; selection of drill-down scenarios

Phase: Drill-downs
Day: 2 to N
Activity: Detailed drill-downs, approximately four per day, includes field visits

Phase: Feedback
Day: N+1
Activity: Preparation and delivery of feedback

The main part of the event comprises the scenario assessments. Each scenario assessment typically takes around two hours, depending on the quality of the basis of safety documentation, the knowledge of the team and the speed of data retrieval (how fast plant records can be accessed to verify that maintenance and testing is taking place, for example).

Findings from the scenario assessments either provide the required assurance that layers of protection are healthy or lead to the generation of recommendations for improvement. Common findings across a number of assessments can provide a useful indication of systemic issues, for example, weaknesses in proof test procedures or compliance with testing regimes. This is the way in which the technique complements conventional process safety management auditing.

The scenario assessment technique

Most value can be gained from the scenario assessment technique if it is conducted as a team exercise. Experience has shown that the best results can be obtained by deploying two process safety specialists as assessors: one with more of a process safety management systems and operations background and the other with more of an engineering and asset integrity management background (this also helps from a leading and scribing standpoint, since the event is recorded in a similar way to a process hazards analysis). In addition to the assessors, the involvement of process engineers, operating managers and maintenance engineers is important in providing the understanding of the scenario and the whereabouts of information to verify that the identified layers of protection are in place and being maintained.

Since scenarios are normally selected from the site's process hazards analysis or basis of safety documentation, a scenario assessment normally starts with this documentation. The scenario is described and the relevant records are referenced, as shown in the upper part of the recording form in Figure 2. It is important to note that the existing documentation may not fully describe the scenario, since the quality of HAZID and HAZOP documentation is heavily influenced by team composition, knowledge available, leader competence, availability of time and recording policy. Therefore it is important that the assessors work with the team to identify all the relevant safeguards, which are recorded in the left hand column of the template shown in Figure 2. Note that the term "safeguard" is used rather than "layer of protection" because the aim is to capture safeguards such as procedures and emergency plans as well as the physical independent protection systems that are the focus of formalised Layers of Protection Analysis.

Once safeguards have been listed, the assessors ask for each safeguard in turn "what can we check is in place?" This is recorded in the verification column. Examples include procedure number and latest version, alarm test methods, maintenance routines and pressure safety valve test records. Evidence for each verification is then sought and the findings recorded in the findings column of the template. It is important that documentary evidence is collected to ensure that the assessment is suitably probing and detailed.

Figure 2: Scenario Assessment Template

MAJOR ACCIDENT HAZARD SCENARIO DRILL DOWN
DESCRIPTION OF SCENARIO:
HAZARDS ANALYSIS REFERENCE:

Conclusions are then drawn for each safeguard. This may be a simple "OK" if everything expected is in place, but may be a recommendation for improvement, a corrective action or a recommendation to consider whether a finding may be evidence of a systemic weakness. In viewing the robustness of the safeguards as a whole, the team may determine that additional risk reduction is appropriate and make a recommendation to identify additional risk reduction measures (a form of "as low as reasonably practicable" or ALARP assessment in UK terms).

It is important to include a field visit for each scenario. This has two purposes. One is to physically check that safeguards are installed in line with the design intent, for example that relief devices are in place and that passive fire protection and secondary containment are in good condition. Photographs of deficiencies provide high-impact evidence to site management. The second purpose is to talk to operators and maintenance technicians about their understanding of the process and of the major accident hazard that is being assessed. This gives an insight into the quality and experience of staff and the quality of process-specific training that they have received.

An example of a completed assessment form is shown in Figure 3.

Experiences with the technique

There is now a significant body of experience of Basis of Safety Assurance across a number of process industry sectors. Companies have found it useful regardless of sector or degree of process hazard (major hazards facilities are more familiar with the concepts but it is readily applicable to lower level process hazards). Some important advantages of using the scenario assessment drill-down technique are as follows:

- Drilling down into specific scenarios can identify significant risk exposures and weaknesses at a very detailed level, for example:
  - Trips tested at commissioning only;
  - Absence of detailed test methods and reliance on technicians' experience;
  - Trip testing not from sensor to final element (end-to-end);
  - Reliance on third parties for proof testing;
  - Demands on trips more frequent than the design basis.
- Examining multiple scenarios can provide evidence of whether there are systemic weaknesses.
- The technique is useful to identify weaknesses in process hazards analysis and in keeping process hazards analysis records and basis of safety documentation up to date.
- The technique is a useful vehicle for providing training materials for specific process hazards.

Conclusion

Because it focuses on specific risks, Basis of Safety Assurance complements conventional PSM system audit activities. It helps to maintain a focus on major accident hazards and improve the understanding and documentation of them. It aligns with line management responsibilities for specific processes and assets, and it directly exposes risks of major accident hazards, thus providing real time assurance to management.

References

1. Reason, J.T. (1997), Managing the Risks of Organisational Accidents, Ashgate Publishing, Aldershot, UK.

Figure 3: Scenario Assessment Example

MAJOR ACCIDENT HAZARD SCENARIO DRILL DOWN

DESCRIPTION OF SCENARIO: Storage Tank V7706 (150 m³) is overfilled during (continuous) run-down and a large volume of solvent is released into the bund from the breather/emergency vent, which is subsequently ignited resulting in a flash fire/pool fire and several fatalities.

PHA REFERENCE: No specific scenario was identified for this material as incidents involving acetone were taken as the representative set. The acetone scenario for overfill was estimated to result in two fatalities.

Safeguard: Monitoring of level transmitter by operators and dependent alarm function.
Verification:
1. Calibration and maintenance of level transmitter alarm LIA7706.
2. SOP requiring level monitoring.
Findings:
1. No regular maintenance is now performed on the level transmitter following the installation of the independent high level switches. Corrective maintenance is performed based on notifications raised by the operators.
2. There is no specific SOP relating to the operation of this solvent storage tank.
Conclusions: Consider implementing routine level transmitter calibration on solvent storage tanks.

Safeguard: Independent high level switch with trip of run-down line.
Verification:
1. Proof testing of high level trip LZA-7706H.
Findings:
1. The trip is proof tested annually.
2. The last proof test of this instrument was carried out on the 27/4/10. The proof test is an end-to-end test to a predefined test method including checklist.
3. No SIL assessment has been conducted.
Conclusions: Controls appear to be effective. However, conduct a SIL assessment for this scenario to verify that the proof test interval is adequate to provide the required level of protection.

Safeguard: Bund
Verification:
1. Visual integrity of bund B7706.
2. Integrity testing of bund B7706.
Findings:
1. The bund appears to be in good repair, with no penetrations.
2. There is currently no ongoing inspection of bunds being carried out. The bunds have been inspected to ensure that they are of sufficient capacity. An initial inspection of their integrity has been carried out visually and some repairs are required. A SOP exists for the inspection of bunds. Ongoing inspection is the responsibility of the Area Engineer.
Conclusions: Implement a bund integrity inspection programme and consider implementing bund testing.

Safeguard: Flammable gas detectors
Verification:
1. Location of detectors FGD7706A,B,C.
2. Maintenance and proof testing of detectors FGD7706A,B,C.
Findings:
1. Three detectors are installed, two of which are in the bund.
2. Maintenance is carried out under contract with CGT. The maintenance frequency is every six months. The contractor uses calibration gases to check the detector calibration and a check of the alarms is performed. Very few problems have been experienced other than some initial commissioning problems related to the positioning of the detectors.

Safeguard: Control of ignition sources
Verification:
1. Review hazardous area classification.
2. Examine earth testing programme.
3. Examine Ex inspection programme for any items of equipment in the bund.
4. Field inspection (earthing, lightning etc.).
Findings:
1. Earth testing is carried out on a quarterly basis. Resistance must be less than 10 ohms. A task list has been developed with photographs to assist the tradesman.
2. A six-weekly visual inspection is also carried out to identify issues with connections etc.
3. Evidence was seen of inspections of Ex equipment within the area. The formal Ex inspection programme is in its infancy and further baseline data is required before a frequency of inspection can be determined.
4. Condition-based monitoring tasks are performed on pumps etc. in the area to prevent ignition sources from mechanical equipment, including visual inspection, vibration monitoring and thermography.
Conclusions: Expected controls are in place. Control of mechanical ignition sources is good practice. Opportunity to further develop the formal Ex inspection programme towards detailed inspection programme.

Safeguard: Fire protection system
Verification:
1. Examine fire protection test regime.
Findings:
1. A wet test of the area foam-water sprinkler systems is carried out annually (triggered by SAP). Records of these tests were reviewed. Baden carries out maintenance on the system. Inspection of the deluge pipe work is carried out and pipe hangers etc. are replaced as necessary. Monthly checks are carried out to check deluge valve operation and records are kept on cards. These are reviewed by PT Global. PT Global carries out an annual audit of the fire protection system in its entirety.
Conclusions: Effective control by recognised specialist third party.

Summary: The layers of protection provided for this scenario are in line with recognised good practice for flammable storage overfill and fire protection. There are opportunities for improvements in terms of: (1) the proactive checking of storage tank level transmitters; (2) SIL assessment for this scenario; (3) bund inspection and test programme.