Bow-Tie Diagrams in Downstream Hazard Identification and Risk Assessment

Yaneira E. Saud, Kumar (Chris) Israni, and Jeremy Goddard
ERM Americas Risk Practice, 15810 Park Ten Place Suite 300, Houston, TX 77084; [email protected] (for correspondence)

Published online in Wiley Online Library (wileyonlinelibrary.com). DOI 10.1002/prs.11576

This article was originally presented at the 8th Global Congress on Process Safety, Houston, TX, April 1–4, 2012.

Process Safety Progress (Vol.00, No.00), Month 2013. © 2013 American Institute of Chemical Engineers.

Bow-tie diagrams are emerging as a very useful tool to depict and maintain an up-to-date, real-time, working risk management system embedded in daily operations. They are a proven concept in the worldwide offshore industry. These diagrams provide a pictorial representation of the risk assessment process. This article introduces the bow-tie concept to the downstream and chemical process industries in the United States. The authors believe that bow-tie diagrams can be a resourceful method in the safety and risk practitioner's toolkit to improve performance of the hazard identification and risk assessment process and to demonstrate that major hazards are identified and managed to as low as reasonably practicable. Because of their graphical nature, the biggest advantage of bow-tie diagrams is the ease of understanding of risk management by upper management and operations groups. © 2013 American Institute of Chemical Engineers Process Saf Prog 000: 000–000, 2013

Keywords: bow-tie diagram; cause-consequence; hazard identification; risk assessment; risk management; bow-tie

INTRODUCTION

The concept of cause-consequence analysis is a combination of the inductive and deductive reasoning of logic diagrams (e.g., event-tree analysis or fault-tree analysis) [1]. The method has been used to identify the basic causes and consequences of potential accidents. Likewise, bow-tie diagramming provides a pictorial representation of the risk assessment process that, during the last decade, has become increasingly popular, especially in the sector of oil and gas offshore exploration and production. Because of their unparalleled advantages demonstrating that major hazards are identified and controlled, bow-tie diagrams are widely used in Europe and Australia to support safety reports and health, safety, and environment (HSE) cases for drilling and greenfield major hazard facility onshore projects. Other applications have been reported for healthcare, nuclear, transport, and organizational culture [2].

This article discusses the evolution of the risk-based approach in the United States and how the bow-tie model would fit in the risk management process for downstream projects and facilities, and it shares a representative bow-tie case study application in making engineering controls operational.

REGULATORY REQUIREMENTS VERSUS BEST PRACTICES

U.S. Regulatory Background

The evolution of the process safety approach for the onshore industry within the United States has been driven primarily by the regulatory agencies. However, it was industry that produced one of the earliest process safety references: a brochure published in 1985 by AIChE-CCPS, "A Challenge to Commitment." The article outlines a comprehensive model characterized by 12 distinct and essential elements to avoid catastrophic events. Other publications, such as American Petroleum Institute Recommended Practice (API RP) 750, Management of Process Safety Hazards (1990), further refined the approach, ultimately leading to the U.S. Occupational Safety and Health Administration (OSHA) promulgation of the Process Safety Management (PSM) standard in February 1992 [3].

In addition, the U.S. Environmental Protection Agency (EPA) formulated a Risk Management Plan (RMP) rule [4] related to preventing accidental releases. The EPA's RMP rule avoided overlap by integrating the process safety elements stated in OSHA's PSM Standard.

Along similar lines but for offshore operations, the Safety and Environmental Management System (SEMS) was introduced in 1991 by the Minerals Management Service, but this was deemed voluntary. Eventually, in late 2010, the Bureau of Ocean Energy Management, Regulation, and Enforcement published Final Rule 30 CFR Part 250 Subpart S that incorporates by reference and makes mandatory API RP 75, 3rd Edition [5,6], today enforced by the Bureau of Safety and Environmental Enforcement.

Irrespective of where the site is located within the U.S. or vicinity—onshore or offshore—the approach to risk has predominantly been regulatory driven. However, the 2010 Macondo accident provided evidence that the right path to follow is a performance-driven approach to risk, with operators actively demonstrating that facilities have the appropriate barriers in place to manage risks to as low as reasonably practicable (ALARP) [7].

Trends in Global Risk Management Standardization

The risk management approach has moved in the literature from the isolated concept (where the different risks are distinctly administered) to an all-encompassing, integrated approach (where risk management is optimized throughout an organization). Some driving forces for risk integration are:

• Increased number, variety, and interaction of risks.
• Accelerated pace of business and globalization.
• Tendency to quantify risks.
• Attitude of organizations toward the value-creating potential of risk.
• Common risk practices and tools shared across the world (Figure 1).

The international community has created documents related to the standardization of risk management that cover general guidance, terminology, requirements, and tools. Among them, documents worth mentioning are:

• CCPS's latest publications on the evolution of PSM to a risk-based management approach [8] and updated process hazard methods that include bow-tie diagrams [1];
• International Association of Drilling Contractors Safety Case guidelines, where risk management is the centerpiece of a comprehensive major hazards ALARP assessment [9,10]; and
• The International Organization for Standardization (ISO) and the International Electrotechnical Commission guidance for selecting and applying systematic techniques for risk assessment [11–13].

We are moving toward standardized, operational risk management, emphasizing:

• The importance of a formal safety assessment roadmap, instead of isolated hazard identification studies,
• A compilation of identification and assessment results, describing critical barriers that avoid major accidents in a tangible, ALARP demonstration report,
• Bow-tie diagrams as the tool of excellence to visualize the risk management process and transmit specific accountability.

HAZARD IDENTIFICATION AND RISK ASSESSMENT (HIRA)

Identify, Evaluate, Analyze, and Manage

HIRA includes hazard identification and evaluation, risk assessment, and reduction of events that could impact process safety, occupational safety, environment, and social responsibility.

The ISO Risk Management Principles and Guidelines standardize risk assessment in four parts: risk identification, risk analysis, risk evaluation, and risk treatment. The first step, risk identification, is achieved by identifying all hazards and their subsequent consequences.

The risk management process has reached a level of maturity where recent and future improvements focus on managing risk better and include review and monitoring checks, to ensure desired performance, in order to prevent and mitigate major accident events. The risk management process is a key factor in the success and sustainability of oil and gas facilities and must be ingrained into the entire process life cycle.

Where Do Bow-Tie Diagrams Fit in HIRA?

To understand the use and application of bow-tie diagrams in downstream, risk-based process safety, a transition must be made from hazard identification to risk assessment. Hazard identification is a key provision in the U.S. regulatory-based safety management systems (e.g., PSM, SEMS).

This process includes the orderly, systematic examination of causes leading to potential releases of hazardous substances and what safeguards must be implemented to prevent and mitigate a loss of containment resulting in occupational exposure, injury, environmental impact, or property loss.

Process hazard analysis (PHA) techniques like hazard identification (HAZID) and hazard and operability (HAZOP) studies are the tabular hazard methods most widely used for operational hazards identification. HAZID studies are frequently used in exploration, production, and mid-stream operations, both onshore and offshore. However, compared with other worldwide best practices such as HSE cases for onshore and offshore facilities, hazard identification by itself falls short of applying the risk management process [7].

Moving from identifying hazards to qualitative risk assessment is achieved using semiquantitative matrices, which is essentially an interaction of the two attributes of risk: severity and likelihood. The exercise amounts to risk ranking these undesired events. The hazard evaluation team must identify ways to reduce the consequence or reduce the likelihood of high or medium risks through preventive or mitigation barriers to ensure that the risk level is either acceptable or ALARP. Although ALARP can be demonstrated for any system regardless of design definition or focus level, complex and costly decisions often require more accurate information about potential consequences and frequency of occurrence.

Figure 1. Evolution of risk-based process safety [8].

Figure 2. Typical bow-tie diagram. [Color figure can be viewed in the online issue, which is available at wileyonlinelibrary.com.]

DOI 10.1002/prs. Process Safety Progress (Vol.00, No.00), Month 2013. Published on behalf of the AIChE.

Bow-tie diagrams effectively include the main elements of the risk management process: identify, prevent, mitigate, and assess (refer to Figure 2). To enhance a risk-based approach, any tabular hazard identification can be customized to identify preventive and mitigation safeguards (barriers) that can be exported to a bow-tie diagram.

Risk assessment becomes quantitative when accident scenarios need more precise numerical analysis to estimate the extent of a potential damage and its yearly frequency of occurrence. Such quantitative risk assessment often involves the use of existing failure and loss-of-integrity data plus computational models to simulate accident events. Typical quantitative risk assessments for the oil and gas industry include fire and explosion analysis, smoke and toxic gas dispersion analysis, fire and gas mapping, and dynamic events study such as ship collision, helicopter crash, or dropped objects studies (refer to Figure 3).

As illustrated in Figure 3, a bow-tie diagram may be an optional way to identify hazards and display the risk management process in an illustrative, all-inclusive way; this approach has proven particularly useful for risk communication. It also allows for extracting critical element systems that either prevent or mitigate an accidental event. Even though bow-tie diagrams are considered a qualitative risk assessment tool, applications where quantitative analysis is necessary can also benefit by representing within the risk management process exactly where the results refine the consequence and frequency of undesired outcomes.

BOW-TIE TERMINOLOGY

Essential definitions while conducting bow-tie analyses are provided here for the benefit of the reader to understand the terminology used and to relate it to the case studies.

• Hazard: Anything inherent to the business that has the potential to cause harm to safety, health, the environment, property, plant, products, or reputation.
• Threat: A direct, sufficient and independent possible cause that can release the hazard by producing the top event leading to a consequence.
• Top Event: The moment in which the hazard is released; the first event in a chain of negative events leading to unwanted consequences.
• Control: Any measure taken that acts against some undesirable force or intention in order to maintain a desired state; Proactive Controls prevent an event (left side of bow-tie diagram); Reactive Controls minimize consequence (right side of bow-tie diagram).
• Escalation Factor: Condition that leads to increased risk by defeating or reducing the effectiveness of a control.
• Consequence: Accident event resulting from the release of a hazard that results directly in loss or damage: persons, environment, assets, or reputation.
• ALARP: Risk of a business where a hazard is intrinsic; however, it has been demonstrated that the cost involved in reducing the risk further would be grossly disproportionate to the benefit gained. The ALARP definition is linked with risk tolerability and, thus, is different for every organization.
• Risk Matrix: Company- or project-defined grid that combines consequence (severity) and frequency (likelihood) to produce a level of risk and defines the risk tolerability boundaries for attributes of interest (people, environment, assets, reputation).

Figure 3. Hazard identification and risk assessment process flow. Source: ERM North America Risk Practice. [Color figure can be viewed in the online issue, which is available at wileyonlinelibrary.com.]

HOW CAN BOW-TIE DIAGRAMS CONTRIBUTE TO HIRA?

After significant investment of time and resources in the HIRA process, it would be unthinkable to lose access to the results in thick binders that are seldom opened again. The knowledge and insight gained through the process of identifying hazards and assessing risks needs to be extracted and kept operationally current and evolving.

Operational excellence includes producing with no harm and no leaks, and it is not possible unless the operator manages, as a critical routine, the specific elements or components that eliminate or minimize risk (i.e., preventive or mitigation barriers; refer to Figure 4).

Hence the successful documentation of a HIRA, for operational excellence, includes:

• Access to the information: the right level of detail at the operator's fingertips
• Understanding the information: pictorial bow-tie representation that can be grasped as a whole or by threats or consequences
• Individual accountability for the barriers
• Systems to ensure barrier integrity assurance actions are adequate, timely, and maintained throughout the life cycle of the process or facility.

Identify Major Hazard Events

In a process facility, although a plethora of hazards exists, not all hazards have the potential of materializing to an accident or major hazard event (MHE). Likewise, process hazards have numerous risk control systems, but not all controls are considered safety-critical. Bow-tie diagramming helps one to understand the top events in a facility, the threats that can be involved in a causation sequence, and the final consequences that the organization will need to face.

Figure 4. Contribution of Bow-tie Diagrams to HIRA and Operational Excellence. Source: ERM America Risk Practice.

The generic definition of MHE involves hazards with the potential to result in an uncontrolled event with immediate or imminent exposure leading to serious risk to the health and safety of persons, environmental impact, or property loss [14]. A bow-tie session will generate MHE candidates from the HIRA process that will be validated by key discipline team members and subject-matter experts. A consensus MHE list (10 to 15 items, typically) clearly defines the events capable of catastrophic losses in your facility and constitutes the starting point of a bow-tie study.

Describe Risk Control Systems and Safety-critical Equipment

The next step is to identify the key barriers that either prevent or mitigate an MHE. These barriers are risk control systems, and within them are vital elements known as safety-critical elements (SCEs). SCEs are any part of the installation, plant, or computer programs the failure of which will either cause or contribute to a major accident or the purpose of which is to prevent or limit the effect of a major accident [15]. By extracting a list of SCEs, access to the controls and their perceived effectiveness are easier to understand, use, and monitor. A non-exhaustive list of SCEs, proposed by the Energy Institute London, is reproduced in Figure 5.

SCEs can be hardware, software, or human intervention tasks. They can be intrinsic to the design, added as risk reduction measures, or consist of administrative procedures. The bottom line is that the set of barriers for each threat needs to be legitimate to achieve a risk-reduction target, by blocking the threats or providing timely control and mitigation once top events materialize. For a barrier to be valid it must:

• Be able to stop a threat
• Be effective in minimizing a consequence
• Be independent from other barriers in the same threat line

A common finding in accident investigations is the excessive reliance on procedures. Procedural barriers should be considered as complementary, and evaluation of escalation factors due to human error must also be part of the bow-tie study. Therefore, barrier documentation must include an assessment of the number and quality rating of the barriers for the overall risk control effectiveness.

Figure 5. Hazard identification and risk assessment process flow. Source: Guidelines for the Management of Safety Critical Elements, London: Energy Institute, March 2007.

Elaborate Performance Standards and Procedures

Now that risk control systems (SCEs) have been identified, they will be of no value unless they consistently perform when needed, as expected. Performance standards for each SCE define and document the attributes (e.g., functionality, availability, reliability, survivability, and interactions with other systems). The following questions must be answered by an SCE performance standard:

• What function must the SCE perform, before and after a major event?
• How will the SCE produce the intended outcome on demand?
• Who is the individual or position accountable for the SCE integrity?
• What are the associated interactions with other SCEs?
• When is inspection, maintenance, and testing required to ensure a specific SCE attribute?
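The barrier validity rules and the performance-standard questions above can be checked mechanically once a bow-tie is held as data. The following Python example is an added illustration, not code from the article or its authors; the `depends_on` field, the finding codes, and every sample threat, barrier and tag name are constructed assumptions.

```python
from dataclasses import dataclass, field
from itertools import combinations


@dataclass
class Barrier:
    name: str
    kind: str                            # "hardware", "software" or "human" (procedural task)
    is_sce: bool = False                 # safety-critical element?
    depends_on: frozenset = frozenset()  # hypothetical field: shared equipment or utilities
    function: str = ""                   # What function must it perform?
    owner: str = ""                      # Who is accountable for its integrity?
    test_interval_days: int = 0          # When is inspection/maintenance/testing due?


@dataclass
class Line:
    """One threat line (left of the top event) or consequence line (right)."""
    name: str
    side: str                            # "threat" or "consequence"
    barriers: list = field(default_factory=list)


@dataclass
class BowTie:
    hazard: str
    top_event: str
    lines: list = field(default_factory=list)


def audit(bowtie):
    """Return (line name, finding code, detail) tuples for weak barrier sets."""
    findings = []
    for line in bowtie.lines:
        if not line.barriers:
            findings.append((line.name, "NO_BARRIER", ""))
            continue
        # Procedural barriers should complement, not replace, other barriers.
        if all(b.kind == "human" for b in line.barriers):
            findings.append((line.name, "PROCEDURAL_ONLY", ""))
        # Barriers in the same line must be independent of each other.
        for a, b in combinations(line.barriers, 2):
            shared = a.depends_on & b.depends_on
            if shared:
                detail = f"{a.name} / {b.name} share {', '.join(sorted(shared))}"
                findings.append((line.name, "NOT_INDEPENDENT", detail))
        # Every SCE needs an answered what / who / when in its performance standard.
        for b in line.barriers:
            if not b.is_sce:
                continue
            fields = (("function", b.function), ("owner", b.owner),
                      ("test interval", b.test_interval_days))
            missing = [label for label, value in fields if not value]
            if missing:
                detail = f"{b.name}: {', '.join(missing)}"
                findings.append((line.name, "INCOMPLETE_STANDARD", detail))
    return findings


def sample_bowtie():
    """Constructed sample data; not taken from the article's figures."""
    trip = Barrier("High-pressure trip", "hardware", True, frozenset({"PT-101"}),
                   "Isolate feed on high pressure", "Instrument lead", 180)
    alarm = Barrier("High-pressure alarm and operator response", "human",
                    depends_on=frozenset({"PT-101"}))
    relief = Barrier("Pressure relief valve", "hardware", True, frozenset(),
                     "Relieve to flare", "Mechanical lead", 365)
    inspection = Barrier("Written inspection procedure", "human")
    detection = Barrier("Fire and gas detection", "hardware", True,
                        function="Detect release and fire")
    shutdown = Barrier("Emergency shutdown", "hardware", True, frozenset(),
                       "Isolate inventory", "Operations lead", 90)
    return BowTie("LNG inventory", "Loss of containment", [
        Line("Overpressure", "threat", [trip, alarm, relief]),
        Line("External corrosion", "threat", [inspection]),
        Line("Dropped object", "threat", []),
        Line("Pool fire", "consequence", [detection, shutdown]),
    ])


if __name__ == "__main__":
    for finding in audit(sample_bowtie()):
        print(finding)
```
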

Set Key Performance Indicators

Unless an SCE is inspected, maintained, and tested, it will deteriorate over time. Most of the accident investigations conducted in the industry reveal broken or degraded barriers, where a complex sequence of unfortunate events resulted in a major accident.

To ensure that SCEs perform as intended, the outcome must be described along with a lagging indicator to show that the outcome has been achieved [16]. Leading indicators must also be set to monitor the effectiveness of the SCE within the risk control system. Systems to define tier control levels, tolerance, data collection, and follow-up outcome deviations must also be established and kept throughout the facility's life cycle [17]. Moreover, facility modifications must be assessed and managed to establish their impact on the SCEs and to ensure that changes are incorporated into the performance and verification regime.

Figure 6. LNG loss of containment, collapsed view. [Color figure can be viewed in the online issue, which is available at wileyonlinelibrary.com.]

Assure Competence and Training

Human factors continue to be recognized as an important contributor to major hazard events and need to be appropriately addressed. Human intervention is pervasive in the process industries. SCEs are invented, designed, constructed, fabricated, installed, maintained, tested, and replaced by people. Bow-tie analysis facilitates the assignment of individual roles for risk control systems and SCEs by providing clear performance expectations and monitoring outcomes through leading and lagging indicators. By incorporating this valuable information, the competencies are better delineated, training programs and instructions are accurately designed, and the operational procedures are better designed and communicated, resulting in an operator better equipped to fulfill his duties for safe and clean operations. Bow-tie diagrams have been successfully applied in human organizational change and optimization [18].

EXAMPLE OF DOWNSTREAM BOW-TIE DIAGRAMMING

A case study developed for a new coal seam LNG facility in Australia is presented here. According to Australian regulations, the LNG plant is classified as a major hazard facility (MHF) and, within the scope of engineering, procurement, and construction, a Safety Case Report must be submitted to the MHF regulator [14].

A condensed list of MHEs (including loss of containment, occupational exposure, and global adverse events) and their associated SCEs were extracted from the formal safety studies (i.e., HAZIDs, HAZOPs, and project Hazard Register) that were completed during front-end engineering and design. During a bow-tie workshop, SCEs such as design, hardware, and procedures were validated and classified.

The list of identified MHEs included:

• Loss of containment: Most MHEs will be concentrated in the loss of containment of either hydrocarbons or hazardous substances.
• Stored energy: Sudden release of hydrocarbons or hazardous substances due to mechanical or trapped pressure from stored energy sources.
• Dynamic energy: Involves events of traffic (vessel collision) or dropped or swung objects.
• Occupational MHE: Confined space entry, high elevation, energy sources (stored energy, energized circuits).
• Adverse weather events: Earthquakes, bush fire, heavy rain, flash floods.

The bow-tie method allowed the team to assess the appropriateness and robustness of the preventive and mitigation controls for each identified MHE. Also, lessons learned from other LNG projects were applied to challenge the barriers proposed in the design. Identified action items aimed at confirming and improving SCEs were incorporated during the project execution phase. Figures 6–8 of this article are provided as an illustration of the resulting diagrams.

Figure 7. LNG loss of containment, expanded view, threats. [Color figure can be viewed in the online issue, which is available at wileyonlinelibrary.com.]

ENVIRONMENTAL APPLICATIONS

The bow-tie concept was tested for an environmental hazard identification (ENVID) study that was in progress for an offshore platform. The ENVID was conducted independently of the HAZID. To stay consistent with the HAZID approach, the authors applied the bow-tie technique to the conventional ENVID method.

A typical bow-tie originates at the center, beginning with the hazard identified, and is then extended to either side for cause and consequence, respectively. Similarly, an environmental event was chosen to be the center of the bow-tie. The left-hand side was populated with the causes identified, and environmental consequences were populated on the right-hand side.

Conventionally, an ENVID is another brainstorming technique that lists existing barriers or safeguards. In this case, using the bow-tie approach, the safeguards identified were classified as being either preventive measures that would eliminate the cause or mitigation measures that would alleviate the undesired environmental consequence. The study (brainstorming session) was documented in a tabular spreadsheet format using the bow-tie type of sequential approach for the thought process. For each of the scenarios discussed, the team proposed recommendations, where deemed necessary.

An advantage for the team members of using this approach was that they were able to correlate the preceding HAZID results to the ENVID, thereby understanding the contribution of the various causes and barriers to environmental risk. This assisted in identifying critical environmental compliance elements for the project. In addition, a clear mapping of the undesired environmental events facilitated a robust understanding for the team of the environmental hazards. This method is amenable to early phase environmental impact assessment development, design phases, project start-up and review of changes and new events, and start-up operations.

See Table 1, which is an example of the application of bow-tie diagramming to ENVIDs. The example is based on current work for an oil and gas facility, where the table fields will eventually be exported to bow-tie diagrams and the results were recently published [19].

    LESSONS LEARNED

    The ERM Risk Practice has conducted a significant number of bow-tie workshops in a team environment with the participation of relevant disciplines. The graphical nature of bow-tie diagrams was a major contributor to the success of the studies.

    This visual approach also enhanced the brainstorming for the analyses, minimizing the confusion that a tabular analysis tends to cause. Four areas have been identified where the bow-tie model is very useful during workshops:

    Distinction of the functionality of the controls: Understanding each barrier's contribution to either eliminating the causes or mitigating the consequences provided the team members a better perception of the barrier effectiveness and the requirements to retain its integrity over time.

    Correct use of the risk matrix: When ranking consequence using a risk assessment matrix, especially when the team is reluctant to assign valid likelihood and consequence resulting in high risk, the bow-tie diagram illustrates the importance of using the matrix correctly by assigning realistic qualitative values and aiming at a recommendation to yield the most risk reduction.

    Incident investigation: Building upon any investigation method, the team can analyze immediate, intermediate, and root causes in a holistic approach by comparing the barriers in place and the ones that were degraded or broken and their connection to the HSE management system.

    Accurate inclusion of human factors: Human error must not be addressed as another generic threat but as a specific escalating factor or vulnerability that can lead to the barrier failure; for example, human error triggered by unclear operational instructions or unrealistic emergency response procedures.

    Figure 8. LNG loss of containment: expanded view, consequences. [Color figure can be viewed in the online issue, which is available at wileyonlinelibrary.com.]


    CONCLUSION

    The authors have successfully applied the bow-tie diagrammatic approach to downstream oil and gas facilities, both greenfield and brownfield projects. As the process safety practice continues evolving to a risk-based approach, bow-tie diagrams have enormous potential to complement process safety initiatives [20,21]. Some advantages of applying the bow-tie approach to the risk management process are:

    Application and understanding of the risk management process, from identification to assessment.

    Focus on MHEs, differentiating highly hazardous releases (e.g., loss of containment) from other workplace hazards, occupational health, or environmental aspects.

    Synthesis, extraction of risk control systems, and SCEs to prevent or mitigate an MHE.

    Provision of stand-alone performance standards to document SCE integrity assurance plan.

    Setting leading and lagging performance indicators.

    Unparalleled communication of MHEs and their controls, demonstration of ALARP.

    Assessment of barrier strength to achieve the desired risk control effectiveness.

    Integration of human and organizational factors by identifying specific barriers to prevent and manage human error.

    Fine-tuning competency and training requirements for individuals accountable for risk-control systems and SCEs.

    A few disadvantages have also been identified:

    Requirement to acquire bow-tie software to better document and visualize the resulting large bow-tie diagrams.

    Need to have a robust risk-assessment matrix to appropriately screen MHEs and arrive at a representative set of bow-tie diagrams per facility or business unit.

    The authors' use of the bow-tie concept points toward the application of this tool as a complement, instead of a substitute, to traditional tabular process hazard analysis (e.g., HAZID). Moreover, other semiquantitative applications (e.g., LOPA) are feasible and being used experimentally at this stage. The future of bow-tie diagrams across industry to complement, enhance, and operationalize hazard identification and assessment with the incorporation of human factors at a practical level does look promising and will rapidly evolve.

    Table 1. ENVID worksheet aligned to bow-tie approach.

    | Cause | Prevention and Detection Barriers | Environmental Event | Controls/Mitigation | Consequence | Risk Ranking (removed for this example) | Recommendations |
    |---|---|---|---|---|---|---|
    | 1. Diesel engine exhaust | 1. Routine maintenance and inspection | 1. Air emissions | 1. Monitoring for black smoke | 1. Release of pollutants to surrounding environment (particulates, SOx, NOx, CO2) | | 2. Review helicopter exhaust parameters in later stages |
    | 2. Third-party equipment | 2. Engineering | | | | | 3. Review supply boat exhaust properties in later stages |
    | 3. Specific equipment | 3. Equipment selection to code | | | | | 8. Verify that drilling contractor equipment will not exceed emissions limits. |
    | 4. Supply boat exhaust | 4. Shutdown equipment | | | | | |
    | 5. Helicopter exhaust | | | | | | |
    | 1. Release of gas from drilling mud | 1. Gas detection | 1. Air emissions | 1. Monitoring equipment | 1. Release of pollutants to surrounding environment (increased GHG because of unburned gases) | | No recommendation proposed |
    | 2. Leaks from flanges, valves, tanks, vents, etc. (fugitive emissions) | 2. Mud conditioning | | 2. Mud conditioning | | | |

    LITERATURE CITED

    1. Center for Chemical Process Safety (CCPS), Guidelines for Hazard Evaluation Procedures, 3rd Ed., Wiley, Hoboken, New Jersey, 2008.

    2. P. Hudson, Leiden University of the Netherlands & Delft University of Technology, The Netherlands, Integrating Organization Culture into Incident Analyses: Extending the Bow Tie Model. SPE International Conference on Health Safety and Environment, Vol. 4, 2010, 2662–2674.

    3. 29 CFR 1910.119 Process Safety Management of Highly Hazardous Chemicals, 1992.

    4. 40 CFR Part 68 Risk Management Program (RMP) Rule, 2009.

    5. CFR Part 250 Subpart S, Safety and Environmental Management Systems, October 2010.

    6. American Petroleum Institute, API Recommended Practice 75, Recommended Practice for Development of a Safety and Environment Management Program for Offshore Operations and Facilities, 3rd Ed., 2004, reaffirmed May 2008.

    7. National Commission on the BP Deepwater Horizon, The Gulf Oil Disaster and the Future of Offshore Drilling: Report to the President, January 2011.

    8. Center for Chemical Process Safety (CCPS), Guidelines for Risk Based Process Safety, Wiley, Hoboken, New Jersey, 2007.

    9. International Association of Drilling Contractors (IADC) Health, Safety, and Environment Case Guideline for Mobile Offshore Drilling Units, Issue 3.3, Houston, Texas, IADC, December 1, 2010.

    10. International Association of Drilling Contractors (IADC) Health, Safety, and Environment Case Guideline for Land Drilling Units, Issue 1.0.1, Houston, Texas, IADC, July 27, 2009.

    11. International Standard ISO 17776 Petroleum and Gas Natural Industries: Offshore production installations, Guidelines on tools and techniques for hazard identification and risk assessment, October 15, 2000.

    12. ANSI/ASSE Z690.2-2011, Risk Management Principles and Guidelines, National Adoption of ISO 31000:2009.

    13. ANSI/ASSE Z690.2-2011, Risk Assessment Techniques, National Adoption of IEC/ISO 31010:2009.

    14. SafeWork Australia Guide for Major Hazard Facilities Safety Assessments, March 2012.

    15. Guidelines for the Management of Safety Critical Elements, 2nd Ed., Energy Institute, London, UK, 2007.

    16. UK Health and Safety Executive, Developing Process Safety Indicators, HSG254, 2006.

    17. American Petroleum Institute, API Recommended Practice 754, Process Safety Performance Indicators for the Refining and Petrochemical Industries, American Petroleum Institute, Washington D.C., 2010.

    18. P. Davidson and S.D. Mooney, Key Safety Roles in Organizational Changes, Wiley InterScience, 2009.

    19. F. Jones and K. Israni, Environmental Risk Assessment Using Bow-tie Methodology, 2012.

    20. T. Whipple and R. Pitblado, Applied Risk-Based Process Safety: A Consolidated Risk Register and Focus on Risk Communication, Wiley InterScience, 2009.

    21. P. Davidson and S.D. Mooney, Key Safety Roles in Organizational Changes, Wiley InterScience, 2009.
