THE UNIVERSITY OF YORK: Foundation of System Safety Engineering (FSE), OPEN ASSESSMENT

EXAM NUMBER: Y4848066

FSE Question 1 (16 marks)

I. The potential benefits and drawbacks for the two options are shown in the tables below. (4 marks)

The powered conveyor system option

Hazard: Vehicle hazard
Benefits:
- Conveyor belts are used in many industries to transfer materials between stages, and using conveyors is a good way to reduce the risk and the vehicle hazards (accidents, fire, ...).
Drawbacks: none listed.

Hazard: Environmental
Benefits:
- Dust extraction and air filters can be used during conveying operation to prevent dust generation.
Drawbacks:
- Dust can be generated at the feed and discharge points during conveyor operation.

Hazard: Handling
Benefits:
- Conveyors can eliminate the multiple handling of materials or products while preventing all the hazards typically caused by trucks and/or loaders.
- A conveyor system allows users to install the conveyor quickly and easily.
- A conveyor promotes the effective use of people, equipment, space and energy.
- Reduces the need for repetitive lifting and carrying.
Drawbacks:
- Products may fall off the conveyor when a conveyor passes over a walkway, roadway, or work station.
- Needs a guarding system.

Hazard: Mechanical
Benefits: none listed.
Drawbacks:
- The conveyor has dangerous moving parts (head and tail end pulleys, belt, etc.).
- The conveyor motor and eccentric weights tend to operate at high speed.

Hazard: Electrical
Benefits:
- Electrically powered system, no environmental impacts.
Drawbacks:
- Electrical power may cause electric shock hazards.

Hazard: Environmental
Benefits:
- The noise hazards can be controlled by suitable soundproofing, and workplace noise can be minimized by design and engineering controls at the source.
Drawbacks:
- The nature of the operation can create noise hazards.

TABLE (1)

The Barnaton bypass option

Hazard: Vehicle hazards
Benefits: none listed.
Drawbacks:
- Moving vehicles as a source of harm or injury while driving vehicles.
- Loading and unloading vehicles could result in hazards.
- Refuelling of vehicles leading to injury or fire.

Hazard: Environmental
Benefits: none listed.
Drawbacks:
- Dusty air during loading and unloading.
- Fuel spillage.
- Moving heavy vehicles can create noise hazards.

Hazard: Handling
Benefits: none listed.
Drawbacks:
- Moving machines during handling may cause several hazards (accidents, falling objects, ...).

TABLE (1)

Powered conveyor system Benefits

1- Using conveyors is a good way to reduce the risk and vehicle hazards (accidents, fire, ...).
2- Dust extraction and air filters can be used during conveying operation to prevent dust generation and for environmental protection.
3- Conveyors can eliminate the multiple handling of materials or products while preventing all the hazards typically caused by trucks and/or loaders.
4- A conveyor system allows users to install the conveyor quickly and easily.
5- A conveyor promotes the effective use of people, equipment, space and energy.
6- Engineering control systems (engineering design) can be applied to conveyor systems to minimize the hazards (noise, vibration and loads or products falling, ...) at the source.

Powered conveyor system Drawbacks

1- Products may fall off the conveyor when a conveyor passes over a walkway, roadway, or work station.
2- Dust can be generated at the feed and discharge points during conveyor operation.
3- Needs a complex guarding system.
4- The conveyor has dangerous moving parts (head and tail end pulleys, belt).
5- Electrical power may cause electric shock hazards.
6- The nature of the operation can create noise hazards.

Barnaton bypass Drawbacks

1- Moving vehicles as a source of harm or injury while driving vehicles.
2- Loading and unloading vehicles could result in hazards.
3- Refuelling of vehicles leading to injury or fire.
4- Engineering hazard controls cannot be applied.
5- Moving machines during handling may cause several hazards (accidents, falling objects, ...).

II. Identifying Safety Issues. (5 marks)

To identify safety issues we must break down the system in terms of its functions and analyse each of them separately: the operation process, including the buildings and connections of services such as power and communication; the control system and safety standards; the maintenance of the conveyor system; and finally the environment in which the conveyor system operates. To identify these issues we apply a checklist, as in the table below. These issues should be addressed by the safety case.

Table columns: Checklist, Safety issues, Description

Operation

- Material slipping/falling: The conveyors will be in several sections, and the conveying length will be over 2 km, and would cross above the canal and the road, so material or product could spill or fall on the road or canal over this distance.
- Machinery: All exposed moving machinery parts present a hazard (motors, nip points and shear points).
- Fire: “A fire can start anywhere along the conveyor system and can spread quickly to other areas creating major losses” (1).
- Sudden system starting (system failure or human error): The system may be suddenly started at any time during or after an emergency shutdown or during maintenance, which may introduce hazards.
- Control system failure: The system would be remotely controlled and monitored from the control room; if the system fails (no stop, high speed) that could introduce hazards.
- Environmental (noise, dust): “Belt conveyors use wide flat belts to move product, this type of conveyor presents its own unique set of variables that affect the noise generated” (2). Dust can also be generated at loading and discharge points.
- Safety standards: “Procedures and standards help provide a safe system of work and remove the heavy reliance on the use of common sense (which tends to be very uncommon). They let everyone know how a job should be done and allow maintaining the operation at a standard, and the operation without standards it is mean hazards” (3).
- Communication: Communication between operating staff is very important during the operation process and in emergency cases; bad communication could introduce hazards.
- Design: The design of the conveyor belt is very important to reduce many hazards; for example, the pipe conveyor prevents material from dropping down.

Maintenance

- General: Routine inspection and a preventive and corrective maintenance program must be conducted to ensure that all safety features and devices are retained, because maintenance is very important to reduce the system hazards.
- Maintenance operation: “When a conveyor is stopped for maintenance purposes, starting devices or powered accessories shall be locked or tagged out in accordance with a formalized procedure designed to protect all person or groups involved with the conveyor against an unexpected start” (3).

Training

- Training for operation and maintenance: Without proper training, operators and maintenance staff may not appreciate the safety-critical nature of the operation.
- Personal protective equipment (PPE): Training in the use of personal protective equipment (PPE) could be a hazard if performed to the system.

Misuse Environment

- The conveyor would be in several sections covering a total length of 2 km and would cross above the canal and road on a high-level bridge, so the materials may fall off the conveyor onto the road and canal. The weather (strong winds) may also cause sand to fall onto the buildings and vehicles and cause hazards.

Law

- HSE: Health, safety and environmental considerations, if not followed up during operation and maintenance, could introduce hazards to people and the system.

III. (1 mark) The wording of a suitable top-level goal for the safety case is: Argument by satisfaction of all conveyor belt system safety requirements.

[Figure (1) diagram, box labels only: Conveyor System Definition; Primary Hazards Identification (PHI); Consequence Analyses; FHA; Design & Decomposition (Systems, Platform, Units); PSSA; Causal Analysis; SSA; Implementation; Integration & test; Integration of safety evidence; Safety platform; Safety Case.]

IV. The reasonable strategy for arguing the safety of the conveyor belt system. (3 marks)

A reasonable strategy for arguing the safety of the conveyor system is to apply a safety case. The safety case will have a safety plan and a functional hazard assessment (FHA) report, which contains the complete list of hazards and safety objectives, to ensure that the risk is managed during the design of the conveyor belt system. The safety case should also contain safety analyses for the system as a whole, to prove that the safety requirements have been satisfied and the identified hazards have been mitigated. The safety plan should be applied to the system to identify the safety requirements and safety components; the safety requirements should prove that the system components do not have any failures.

The second step will be the consequence analysis to establish the hazard log, together with fault tree analysis (FTA) to minimize any safety impact of the system. The strategy should define whether the hazards have been eliminated, the severity of the hazard resulting from the failure is minimised, and the probability of the component is sufficiently remote. The safety case shall consist of a structured argument, supported by a body of evidence, that provides a compelling, comprehensible and valid case that a system is safe for a given application in a given environment.

Figure (1) safety case strategy and lifecycle

V. The strategy can be applied to all issues identified in (ii) as follows: (3 marks)

Table columns: Description, Safety Strategy

Description: The conveyors will be in several sections, and the conveying length will be over 2 km, and would cross above the canal and the road, so material or product could spill or fall on the road or canal over this distance.
Safety strategy: The safety case report should ensure that the design of the conveyor is provided with spill guards, pan guards, or the equivalent if there is a potential for material to fall off the conveyor and endanger personnel or equipment. The guards shall be designed to catch and hold any load or material that may fall off or become dislodged from the system.

Description: All exposed moving machinery parts present a hazard (motors, nip points and shear points).
Safety strategy: The safety case report should ensure that the design of the conveyor is mechanically or electrically guarded, or guarded by location, to minimize the hazards.

Description: “A fire can start anywhere along the conveyor system and can spread quickly to other areas creating major losses” (1).
Safety strategy: Fire hazards could be reduced by engineering control through detection methods.

Description: The system may be suddenly started at any time during maintenance by human mistake or after system failure.
Safety strategy: This hazard could be eliminated by warning signs, which shall be provided along the conveyor at areas that are not guarded or protected by their location. Also, the area around loading and unloading points shall be kept clear of obstructions that could create a hazard.

Description: “Belt conveyors use wide flat belts to move product, this type of conveyor presents its own unique set of variables that affect the noise generated” (2). Dust can also be generated at loading and discharge points.
Safety strategy: The safety case report should ensure that the design of the conveyor can control noise hazards, or that PPE is used, and that exhaust air is provided at loading and discharge points to minimize dust generation during the operation process.

Description: Communication between operating staff is very important during the operation process and in emergency cases; bad communication could introduce hazards.
Safety strategy: Good supervision and following the procedures and operations manual will close this hazard.

Description: “When a conveyor is stopped for maintenance purposes, starting devices or powered accessories shall be locked or tagged out in accordance with a formalized procedure designed to protect all person or groups involved with the conveyor against an unexpected start” (3).
Safety strategy: Machinery must include a safety interlock circuit to prevent inadvertent starting. The maintenance procedures should include a safe system of work that puts the system into a safe shutdown state for maintenance.

Description: Without proper training, operators and maintenance staff may not appreciate the safety-critical nature of the operation.
Safety strategy: Appropriate training must be provided for operating and maintenance staff.

Description: The conveyor would be in several sections covering a total length of 2 km and would cross above the canal and road on a high-level bridge, so the materials may fall off the conveyor onto the road and canal. The weather (strong winds) may also cause sand to fall onto the buildings and vehicles and cause hazards.
Safety strategy: The safety case report should ensure that the design of the conveyor is provided with spill guards, pan guards, or the equivalent to prevent materials falling off. Also use prominent awareness devices, such as warning signs or lights.

Description: Health, safety and environmental considerations, if not followed up during operation and maintenance, could introduce hazards to people and the system.
Safety strategy: This hazard would be mitigated through the application of the strategy, by applying HSE requirements and keeping an overview of the SHE regulations.

(1) Conveyor Belt Guide (http://www.conveyorbeltguide.com/SafetyInUSA.html)

(2) Noise consideration for design, specification of conveyor systems (http://www.mhi.org)

(3) Occupational Safety and Health Administration (OSHA).

FSE Question 2 (20 marks)

i. Classification of the factors that contributed to the accident. (4 marks)

Table columns: Classification, Factors

Technical

1- The warning system was not working (buzzer, light).
2- The electrical bell between the autocoach and locomotive was not working.
3- The treadle system was not operating correctly: the treadle arm was not set at the correct height, which increases the total length of warning.
4- The brake controls are difficult to use in an emergency. “The RAIB and the DFR carried out tests using the auto-train to establish how the braking system behaves in various different modes of operation. These tests confirmed that, once the vacuum brake has been applied, it is not possible to release it quickly: it can take up to thirty seconds to re-create vacuum using the ejector by placing the combination valve in the ‘release’ position” (1).
5- No working sanding equipment on the train. “The DFR had no requirement for the train crew to check that the sand boxes for the locomotive and the auto coach were filled and operational. Not having working sanding equipment on the train may have contributed to the accident.” (1).

Management and training

1- Lack of training and experience of the fireman. “When the locomotive is propelling the coach, the fireman is alone on the footplate and unable to seek advice from the driver if unsure about what to do at any point, he had only two days experience on the auto-train before the accident occurred, and had no training in or experience of the action to be taken in emergency situations.” (1).
2- The DFR knew about the problem with the warning system but did not take action. “The treadle operated approach warning mechanism was known to be faulty. This had been reported four days before the accident and the DFR proposed to rectify the fault, but had not done so by the time of the accident, and had not informed operating staff of the fault” (1).
3- The DFR does not pressure from road to minimize traffic delays.
4- The age of the driver (71 years), retired. “The driver was over the maximum age for driving” (1).
5- The medical examination for the driver should be every year as per DFR requirements, but the management was only requiring it every five years.
6- The driver exceeded the speed of 10 mph (16 km/h); the train speed was 20 mph (30 km/h) when it passed the speed restriction board. This is lack of training.
7- The crossing keepers were delayed in opening the gates to the railway crossing.
8- The driver did not anticipate the effect that the wet condition of the rail head would have on the braking performance of the train. This was contributory to the accident.
9- The crossing keepers noticed during the first passage of the train earlier in the day that the treadle-operated flashing light and the warning buzzer had not operated, and they only became aware of the approach of the train when they saw it coming.
10- The possible outcome of using the release valve needs to be fully understood by the railway and by individual drivers and firemen so that the brakes can be safely handled in all situations and proper training can be given to staff.
11- The crews on the DFR had not practised handling the brake in emergencies.
12- There are no procedures in place to inform staff that systems have failed or are operating in degraded conditions.
13- “Steam engine footplate crews are selected from volunteer engine cleaners and are trained by the locomotive inspectors. They are assessed for competence to act as firemen, and in due course may advance to driver” (1).

Design

1- The low position of the warning treadle arm.
2- No effective system to inform the train crews that the warning system was not working.
3-
4- The speed indicator board position is not clear.
5- “The arm of a treadle device that has been mechanically designed such that its return from the depressed position takes place in a controlled timed manner (usually slow)” (1).
6- The operation of the treadle by a train causes a buzzer to sound and a light to flash; this is a lack of design. Treadle-operated equipment should be installed to warn the crossing when the train approaches.

Environmental

1- The noise from passing traffic. “The noise from passing traffic, in particular heavy goods vehicles climbing the hill, could have contributed to the crossing keepers not hearing the warning whistle from the approaching train” (1).
2- The weather was reported as being poor, with significant rainfall that caused the train to slide; the train would have stopped before reaching the board if the rail had been dry.

[Flow diagram, box labels in order:]

Norchard station 14:40

- The train operates the treadle (the buzzer + light)
- The two crossing keepers move to the crossing
- The crossing keepers stop the road traffic and open the railway gates
- The train driver reduces speed to 20 mph
- The train driver blows the train whistle to confirm the train is approaching
- The crossing keepers secure the crossing gates
- The crossing keepers signal with a green flag for the train to proceed through the crossing
- The crossing keepers close the four gates and permit road traffic to resume

12:10 Service station

ii. Events Timeline (6 marks).

To draw a timeline we should identify all the events leading up to the accident. First we identify the events of the period preceding the accident, as in the figure below:

- The train passed over the treadle but the warning buzzer and light did not operate
- The crossing keepers had no warning to open the gates
- The driver sounded the whistle
- Train speed passed the 10 mph to 20 mph
- The crossing keepers saw the train when it came into view
- The crossing keepers began to stop the road traffic and open the gates
- The train approached the stop board
- The driver fully applied the brakes
- The driver saw the gates not completely open
- The driver sounded the whistle
- The wheels locked and the train slid
- The leading end of the autocoach struck the partially open crossing gate
- The fireman operated the combination brake valve and the reservoir but the train did not stop
- The detached gate struck one of the crossing keepers (he was injured)
- The leading end of the autocoach struck the partially open crossing gate
- The train stood with its leading end 30 metres past the crossing

Second, the events of the final few minutes before the accident.

[Timeline plot: train speed (mph) against distance (m). Labelled points: the train crosses the treadle; speed indicator board; stop board; crossing gate; the crossing keepers start to open the gates; the driver fully applied the brakes.]

Figure (2) timeline of the accident

This figure compares the train speed with the distance; we assume the accident event starts when the train crosses the treadle.


iii. Why-Because Graph (6 marks)

[Graph legend: internal event; internal process; internal state; source event; source process; source state.]

[Graph node labels:]

- Gateman severely injured by displaced crossing gate
- Accident
- Damage to the train
- The train did not stop
- The gates were not fully open
- The crossing keepers close the four gates & resume the traffic
- The leading end of the autocoach struck the crossing
- The wheels locked & the train slid
- The driver fully applied the brakes
- RWY very wet
- Weather conditions
- The crossing keepers had no warning to open the gate
- The crossing keepers saw the train when it came into view
- Amount of water on RWY surface
- Noise from road traffic
- The train passed over the treadle
- Warning buzzer and light did not
- The treadle-operated approach warning was faulty
- Lack of maintenance
- The driver sounded the whistle
- The buzzer & the light did not operate
- DFR poor management
- The train driver blows the train whistle to confirm the train is approaching
- The crossing keepers stop the road traffic & open the railway gates
- The train departed Norchard station
- The train reached the stop board
- Train speed 20 mph
- The driver exceeded the train speed
- The signalman belled the crossing keepers by telephone
- The signalman knew the buzzer & the light did not operate
- The train driver was unable to stop it
- The train reached the crossing gates
- The wheels were locked

Figure (3) Why-Because Graph of accident

iv. (4 marks)

The rail transport sector should learn from this accident by developing the railway with respect to safety, by following the safety standards and all the recommendations made by investigation reports like this one.

- Install automatic open crossings, remotely monitored (AOCR), for all crossing gates. AOCR will have the standard steady amber and flashing traffic light signals; these will be activated automatically by an approaching train. These automatic gates will prevent the accidents that occur through human error.
- Improve the old design of the signs at the level crossing (whistle board, speed indicator board, and remove the trees in the area near the gates). The size and the location of the signs should also be as per the standard.
- Training courses for all employees in the rail transport sector, by creating career development plans.
- Initiate and apply a risk assessment model to all level crossings to establish reasonably practical safety system options and controls, to minimize the risks.

References

(1) Accident report. Website: www.raib.gov.uk


FSE Question 3 (14 marks)

i. Councils' responsibilities with respect to fire safety. (10 marks)

“Under the Regulatory Reform (Fire Safety) Order 2005 and The Fire (Scotland) Act 2005, anyone who has control of premises or who has a degree of control over certain areas or systems may be designated a ‘responsible person’ (e.g. an employer, a managing agent, an owner, an occupier or any other person who has some control over all or part of relevant premises)” (1), so the councils are responsible for:

Table columns: No., Councils' responsibilities, Southwark Council's actions

1
Councils' responsibility: Councils are required by law to carry out fire risk assessments on social housing high-rise blocks. “The responsibility to do fire risk assessments was transferred to local councils in 2006.” (1) The current responsibility to do fire risk assessments is with local councils following a change to the legislation in October 2006, so fire risk assessment is very important for implementing appropriate fire safety measures to minimize the fire risk.
Southwark Council's actions: Lakanal House did not have a valid fire risk assessment in place when fire broke out.

2
Councils' responsibility: “Put in place plans and actions to eliminate or reduce the risk from fire as far as is reasonably practical, and provide general fire precautions to deal with any residual risk”. The emergency plan should be found in every building, and the people who live in these high-rise blocks must know about the emergency procedures in case of fire.
Southwark Council's actions: “Southwark Council has previously released files showing it knew in 2000 that Lakanal House posed a risk of rapid fire spread but did nothing for seven years. Also Lakanal House was due to be demolished under the council's Labour administration. But when the council changed hands to Liberal Democrat the new administration decided to keep Lakanal House” (2).

3
Councils' responsibility: “Take additional measures to ensure fire safety where flammable or explosive materials are used or stored” (2). These measures should be included in the fire risk assessment, for example the material of window frames and the location of material storage.
Southwark Council's actions: “All the facades and window frames were replaced with flammable uPVC which melts in fire, releasing toxic fumes” (1).

4
Councils' responsibility: “Create a detailed plan to deal with any emergency and, in most cases, document the findings” (2). In case of any emergency there should be a plan that includes who is responsible and what procedures should be followed.
Southwark Council's actions: The emergency plan relevant to the premises had not been communicated effectively to residents.

5
Councils' responsibility: “Landlords have to ensure there are adequate fire precautions (including alarms, extinguishers and fire blankets) and fire escape routes. These must be well maintained and adequate for the number of residents and the size of the property” (2).
Southwark Council's actions: “The design of the block, which has only one central staircase. Fire doors that were either not fire resistant and/or self-closing” (2). Also, the investigation found that the fire alarm system was not working.

From number (1) we find that Southwark Council did not carry out the fire risk assessment required by law to implement appropriate fire safety measures to minimise the risk to life from fire. From (2), Southwark Council knew in 2000 that Lakanal House posed a risk of rapid fire spread but did nothing for seven years and did not take actions to eliminate or reduce the risk from fire according to the law (responsibilities). In (3), the council should take additional measures to ensure fire safety where flammable or explosive materials are used or stored, but the council replaced all the facades and window frames with flammable uPVC, which melts in fire. In (4), the council should create a detailed plan to deal with any emergency and, in most cases, document the findings, but the emergency plan relevant to the premises had not been communicated effectively to residents.

I think the situation of other councils has changed and they have learned from the fire at Lakanal House, because “more than one in five councils stepped up fire safety work on tower blocks following a high-rise blaze that killed six people, for example A Hackney Council carried out 52 fire risk assessment, after 3 July” (1) (Inside Housing, 23/10/2009).

“Also Sheffield Council has 25 tower blocks and had done no ‘formal comprehensive fire risk assessments’ before the Lakanal fire. It had completed 20 FRAs by 21 September.”(2)

“Lambeth Council had assessed just two of its 75 blocks of seven or more storeys before the Lakanal blaze. By the time it responded to the FOI, on 2 October, it had started FRAs on three more blocks and it has now pledged to assess the fire risks of all its blocks of six or more storeys by March 2010”(1).

In total, the Inside Housing survey found 282 blocks of four or more storeys that did not have a fire risk assessment before 3 July, but now most of the councils' situations have changed and they have started carrying out fire risk assessments for high-rise blocks. The “Safety in numbers” survey shown in the table below was completed by Inside Housing; the survey compares the actions councils had taken to fulfil their fire safety responsibilities before Lakanal and whether they have changed their stance since.

http://www.insidehousing.co.uk/story.aspx?storycode=6506865

ii. (4 marks) The impact of the coverage on the residents of high-rise blocks was very strong, because there are many blocks like Lakanal House, with one central stairwell and the same design as Lakanal House, and many people ask questions about what happens when fire breaks out in these flats. There are also families with young children living in high blocks; they described these flats as “death traps” and others described them as a disaster waiting to happen.

References

1) Inside Housing, http://www.insidehousing.co.uk/story.aspx?storycode=6506865

2) BBC London news.