molly-daniels
PRISM Seminar, Bratislava, Slide 2
DNV’s worldwide network
• 300 offices in 100 countries
• 5,500 employees – qualified professionals, technical specialists and consultants
[Map: DNV Principal Offices – London, Aberdeen, Oslo, Gothenburg, Stockholm, Essen, Milan, Piraeus, Dubai, Mumbai, Singapore, Shanghai, Seoul, Kobe, Rio de Janeiro, Houston, New York, Stockport]
PRISM Seminar, Bratislava, Slide 3
DNV and Safety Management
• Development and implementation of safety management systems
• Identification and assessment of the risks from major hazards
• Innovative safety cases
• Human factors of major accident prevention
• Behavioural safety/culture change
• Environmental performance improvement
PRISM Seminar, Bratislava, Slide 4
The risk management agenda
[Diagram labels: Societal; Economic; Legal; Political; Assets; Image; Product; People; Business Risks; Internally driven; “Shareholders”; Externally driven]
PRISM Seminar, Bratislava, Slide 5
Top Ten HF Issues
• Organisational change and transition management
• Staffing levels and workload
• Training and competence
• Fatigue from shiftwork and overtime
• Procedures
• HF in risk assessment and investigations
• Communications
• HF in design (e.g. control rooms)
• Organisational culture
• Maintenance error
PRISM Seminar, Bratislava, Slide 6
Understanding human failure
[Diagram labels: Errors; Skill based; Slips; Lapses; Mistakes; Rule based; Knowledge based; Violations; Routine; Situational; Exceptional]
Human errors are not random
PRISM Seminar, Bratislava, Slide 7
HF approaches to risk assessment
• Method 1: HF in the Safety Case
– Top down approach
– All human operations
– Part of Seveso safety case
• Method 2: HF in major accident hazards
– Bottom up approach
– Concentrating on MAH scenarios
– Implemented into safety case
PRISM Seminar, Bratislava, Slide 8
Method 1: HF in the Safety Case
• Part of overall COMAH assessment:
– Descriptive elements
– Predictive elements
– MAPP & SMS
– Technical elements
– Emergency response
– Source information
• HF aspects in several elements
– Supporting appendix of HF information
– Referred to in all relevant sections
PRISM Seminar, Bratislava, Slide 9
Human factors Appendix
• Description of the human factors assessment of the plant
• Aim:
– To demonstrate that human factors issues have been taken into account in the risk assessment
– To show that their potential effect has been considered as a contributor to the overall risk levels arising from the day to day operation
PRISM Seminar, Bratislava, Slide 10
Human factors Appendix
• Identification and consideration of specific human factors issues that have led to major incidents in the past.
• Application of task analysis and human error identification techniques for the assessment of safety critical operations and maintenance tasks.
• Identification of the potential for violations of procedures to increase risk levels on site.
• Organised according to key human factors issues:
– Identification of potential for human failures.
– Demonstration of control measures.
– Justification of the reliance on human reliability.
PRISM Seminar, Bratislava, Slide 11
Data collection
• Review of MAH tables.
• Site tour including discussion of activities in the following areas:
– Fuel receipts.
– Tank farms.
– Interceptors.
– Tanker loading bays.
• Interviews with:
– Terminal manager.
– Operations staff.
– Maintenance manager.
– Security staff.
• Demonstration of operations in the control room.
• Review of site held documentation including:
– Safety management system.
– Key risk control systems.
– Site HAZOP.
PRISM Seminar, Bratislava, Slide 12
Error Analysis: SHERPA technique

1. Tanker loading – Entering the Loading Bays

| Action | Error | Consequences | S/E Crit | Safeguard/Recovery |
|---|---|---|---|---|
| Drive up to loading bay. | Collide with another vehicle/equipment on the way to the loading bays. | Damage to equipment tanker. Loss of product from loaded tanker. | Y | Training of tanker drivers. Site speed limit. Traffic management around the loading bays. |
| | Collide with loading bay. | Potential damage to loading bay including delivery systems and pipe work. | Y | Training of tanker drivers. Site speed limit. Parking alignment indicators. |
| | Enter bay closed for maintenance. | Potential injury to maintainers. | Y | "No Entry" paddle, traffic cone & signage. |
| | Enter wrong loading bay. | Product not available or top/bottom loading not available. | N | Loading bays and fuelling arms are numbered, matching driver instructions. |
| | Enter restricted area before loading bay required has been vacated. | Potential for hazard due to engine running. | Y | Driver training. Observation of bays on CCTV. Behavioural observations. |
| | Omit to switch off unnecessary electrical items before entering bay. | Potential hazard. | Y | Driver training. Isolation of electrical systems. Behavioural observations. |
PRISM Seminar, Bratislava, Slide 13
High potential human error operations
• Road tanker loading
• Recovery from a compartment overfill (contained).
• Recovery from an overfill resulting in product spillage.
• Fuel receipts
• Filling COC tank.
• Operations tasks in and around the tank farm.
• Pump inspection.
• Inspection of loading bays.
• Testing of Fire pumps.
PRISM Seminar, Bratislava, Slide 14
Demonstration of existing control measures
• Risk ranking of human errors
– Linking human errors to MAH scenarios
– Identifying severity of consequence & likelihood
• Implementation of Control Measures and Safeguards
– Driver training
– Behavioural observations
– Maintenance control (PtW)
– Vehicle / equipment inspections
– Etc.
PRISM Seminar, Bratislava, Slide 15
Method 2: HF in major accident hazards
• COMAH (Seveso II) compliance … demonstration of:
– Evaluation of potential human error
– Effectiveness of human interventions required to maintain control
• Establish awareness of human factors:
– Line Management
– Engineering design
• Technology transfer:
– Develop internal HF assessment methodology
– Apply to all types of activities on site
– Suitable for use by non-HF professionals
– Complement other risk assessment techniques
PRISM Seminar, Bratislava, Slide 16
Human Factors Method to Support COMAH
[Flow diagram. Phases: Before Assessment; Assessment; After Assessment. Boxes: Incorporate relevant results into Safety Report; Major Accident Hazard scenarios identified from COMAH Safety Report; Task inventory & criticality assessment; Observational data; Identify critical tasks; Error analysis; Task analysis (HTA & concurrent); Qualitatively assess critical tasks and potential errors; Staffing assessment; Alarm & Procedure checklists; Evaluate the safeguards; Identify risk control strategies]
PRISM Seminar, Bratislava, Slide 17
Procedure Checklist
A. Procedure Design
Is the procedure of an appropriate length?
BP Procedures are kept as concise as possible whilst still conveying all the necessary information. The length of the procedure has been designed with the context of use in mind.
S Procedures are generally of a usable length, but may not be sensitive to the context of use.
P Length of procedures makes them very difficult to use. No account taken of context of use.
PRISM Seminar, Bratislava, Slide 18
Alarm checklist
Engineering Equipment and Materials Users Association (EEMUA), 1999, Alarm Systems: A Guide to Design, Management and Procurement. EEMUA Publication No. 191. The Engineering Equipment and Materials Users Association: London
Auditory alarms
Can all auditory alarms be heard from all parts of the plant that the operator may be, even when wearing ear protection?
BP An assessment has been performed to ensure that all alarms can be heard from all parts of the plant. When wearing ear protection, another operator is available to deal with alarms.
S No problems have been reported with alarm audibility throughout the plant. When wearing ear protection, another operator is available to deal with alarms. No assessment has been performed.
P Certain alarms cannot be heard from certain parts of the plant, or when wearing ear protection.
PRISM Seminar, Bratislava, Slide 19
Concurrent Task Analysis
Task No Task Step 1 2 3 4 5 6 7 8 9 10 11 12
1 Charge to Vessel 1 A P X X A A A A P A A
2 Transfer to Vessel 2 A P X X A A A A P A A
3 Add additions A A P P A A A A P A A
4 Sample to lab for approval X X S P X X X X X X X
5 Set up sulphuric acid sotz container X X P S X X X X X X X
6 Transfer to Vessel 3 A A P X X A A A P A A
Critical (HTA) Tasks ...which of these tasks can be performed concurrently?
Make Monomer Charge Monomer
PRISM Seminar, Bratislava, Slide 20
Staffing assessment
Figure 5: Staffing Level Decision Flow Diagram 1
[Decision flow diagrams; each path ends in an outcome box: Staffing adequacy level 0, 1 or 2.]
Start: Take one top-level task analysis stage or area of responsibility
Diagram 1 questions:
A1 Are all ongoing safety-critical processes constantly attended by a competent operator?
B1 Are all safety-critical processes covered by a reliable automated shutdown device?
C1 Are all safety-critical failures covered by a reliable audible alarm?
D1 Would the alarms be effective in alerting an operator from elsewhere?
E1 Are there enough personnel elsewhere to attend to the alarm AND will they be available given the nature of their jobs?
F1 Do the summoned personnel have basic competency to recover the situation?
G1 Could the summoned personnel recover the situation considering the time required to attend?
Go to Question B2, Diagram 2
Diagram 2 questions:
C2 Are all safety-critical failures covered by a reliable audible alarm?
D2 Would the alarms be effective in alerting an operator from elsewhere?
E2 Are there enough personnel elsewhere to attend to the alarm AND will they be available given the nature of their jobs?
F2 Do the summoned personnel have basic competency to recover the situation?
G2 Could the summoned personnel recover the situation considering the time required to attend?
Assumption: even if the operator is only called away for a short time, s/he could be delayed unexpectedly.
Staffing adequacy levels:
• Staffing adequacy level 0: Staffing or control measures in place are likely to be inadequate. Immediate measures should be taken to improve staffing or control measures.
• Staffing adequacy level 1: Staffing or control measures may be insufficient. If there is a reliance on trips, slam shuts, or other fail-safe mechanisms, reliability must be justified. Staffing levels should be considered to ensure that essential monitoring, control and incident response activities can be conducted.
• Staffing adequacy level 2: Staffing or control measures are likely to be adequate. Monitoring systems should be established to ensure that staffing remains adequate.
Data requirements
• A1 - COMAH report; Training records; Roster pattern; Break pattern.
• B1 - COMAH report; Critical instruments list; Recent reliability test data; Design basis documentation (hardwired or software to appropriate SIL); Incident/Accident data.
• C1/C2 - COMAH report; Critical instruments list; Recent reliability test data.
• D1/D2 - Alarm evaluation; Task analysis.
• E1/E2 - Roster pattern; Break pattern; Operator experience; Common-mode failure data; Incident/Accident data.
• F1/F2 - Training records; Procedure evaluation; Event based procedures; Emergency Procedures.
• G1 - Operator experience; Incident simulation response times; Incident/Accident data.
Health & Safety Executive, 2001, Assessing the safety of staffing arrangements for process operators in the chemical and allied industries. Contract Research Report (CRR) 348/2001. HSE Books. See http://www.hse.gov.uk/research/frameset/crr/index.htm.
PRISM Seminar, Bratislava, Slide 21
Example: Automated continuous plant
• General control room duties difficult to assess
• Selected a manual task, and looked at links to control room activities
– e.g., communications, data entry & decision making
• Example – taking sample of reactor contents
– Error: fail to close circulation valve on sample cooler
– Consequence:
  • Unrepresentative sample taken - status of reactor unknown
  • Potential runaway reaction
– Recommendations:
  • Ensure all operators understand importance of sampling
  • Improve labelling of valves
  • Investigate linking valves to sample point
PRISM Seminar, Bratislava, Slide 22
Example: Design phase of new plant
• Multi-disciplinary team established during design phase
• Applied methodology to proposed design:
– Identified how plant will operate
– Identified design problems before too late
– Identified manning levels
– Most importantly … ensured employee involvement
• Example – connect road tanker to off-load point
– Error: driver connects to wrong point
– Consequence:
  • Incompatible substance into storage tank - exothermic reaction
– Recommendations:
  • Tanker drivers not allowed on site unaccompanied
  • 2 x paperwork checks
  • Off-load points locked
PRISM Seminar, Bratislava, Slide 23
Method 1: Bottom up approach
• Pros:
– identifies main activities
– Covers many activities
– Quick
– Low manpower requirements
• Cons:
– Can be superficial
– Hard to find people when you need them
– Might miss certain root causes
PRISM Seminar, Bratislava, Slide 24
Method 2: top down approach
• Pros:
– Very thorough
– Based on severity of MAH scenario
– Involves workers and supervisors
– High face validity
– Information rapidly gathered
• Cons:
– Time consuming
– Significant commitment from all involved
– Understanding of error mechanisms is required
PRISM Seminar, Bratislava, Slide 25
Conclusions
• Human errors are predictable
• Task analysis approach helps identify causes and consequences.
• Complexity of operation should drive HEA
– More complex plant requires more complex process
• Commitment of time and people required for any approach.
PRISM Seminar, Bratislava, Slide 26
difference that counts: DNV CONSULTING
Safeguarding life, property and the environment
Any Questions?