Upload
userscribd2011
View
212
Download
0
Embed Size (px)
Citation preview
8/11/2019 Paper 294204
1/10
GCPS 2013 __________________________________________________________________________
Management of Safety Critical Elements as a Base for RiskManagement of Major Accident Hazards
Mariana Bahadian BardyDet Norske Veritas
Rua Sete de Setembro 111/12 th [email protected]
Flvio Luiz Barros DinizDet Norske Veritas
Paula SilveiraDet Norske Veritas
Prepared for Presentation atAmerican Institute of Chemical Engineers
2013 Spring Meeting9th Global Congress on Process Safety
San Antonio, TexasApril 28 May 1, 2013
8/11/2019 Paper 294204
2/10
GCPS 2013 __________________________________________________________________________
UNPUBLISHED
AIChE shall not be responsible for statements or opinions containedin papers or printed in its publications
8/11/2019 Paper 294204
3/10
GCPS 2013 __________________________________________________________________________
Management of Safety Critical Elements as a Base for RiskManagement of Major Accident Hazards
Mariana Bahadian BardyDet Norske Veritas
Rua Sete de Setembro 111/12 th [email protected]
Flvio Luiz Barros DinizDet Norske Veritas
[email protected] Silveira
Det Norske [email protected]
Keywords: safety critical element, barrier, major accident hazard
Abstract
Considering the already established relevance of barriers to avoid Major Accidents, the objectiveof this paper is to present a methodology for management of Safety Critical Elements (SCE),from the identification of them, definition of relevant importance to each activity performed bythe installation and establishing alternatives and contingencies for the failure or absence of theSCE. The proposed methodology, adapted from common use methodologies from OffshoreIndustry to Process Industries, is developed in 5 steps, being Step 1 the use of a HazardIdentification technique and indication of Major Accident Hazards. Following on Step 2 bowtiediagrams are developed for the MAH and SCE are identified. The SOOB Summary ofOperational Boundaries on Step 3 identifies the activities that may or may not proceed or cautionis applied in the case the SCE is defeat and on Step 4 a Contingency Plan is develop to maintainoperation for the cases indicated on the SOOB that operation may not proceed or proceed withcaution. Finally, on Step 5, definition of prioritization of maintenance and inspection activitiesshall be in place for each SCE, including preventive maintenance routines, inspections routinesand definition of spares, where applicable. This methodology can help on the identification ofgaps and management of critical elements and consequently improving the performance of safetysystems increasing their availability.
1. Introduction and background
Recent accidents have indicated the importance of safety barriers on management of majoraccidents, reducing its likelihood or minimizing consequence. Buncefield, Texas City andMacondo, just to indicate some, have stated in their accident investigation reports the failure ofsafety barriers or non-existence of adequate ones as potential causes for the major accidentoccurrence.
8/11/2019 Paper 294204
4/10
GCPS 2013 __________________________________________________________________________
This paper presents a methodology for management of Safety Critical Elements (SCE), adaptedfrom common use methodologies from Offshore Industry to Process Industries, from theidentification of them, definition of relevant importance to each activity performed by theinstallation and establishing alternatives and contingencies for the failure or absence of the SCE.
Several reference have definitions of SCE and how they must be managed, as NORSOK[1], thatindicated that Safety Critical Equipment is equipment that shall be in operation to ensure escape,evacuation and /or to prevent escalation.
According to HSE UK[2] any structure, plant, equipment, system (including computersoftware) or component part whose failure could cause or contribute substantially to a majoraccident is safety critical, as is any which is intended to prevent or limit the effect of a majoraccident.
For this paper, SCE is defined as indicated by HSE UK, as being the Barriers that can avoid ormitigate Major Accident Hazards.
2. Description of Methodology
For the objective of systematic management of Safety Critical Elements, the methodologyoutlined in Figure 1 is proposed, covering the 5 steps described below.
Figure 1 Methodology for SCE Management
2.1 Step 1 Hazard Identification
The first step is to identify the accidental scenarios from the specific process under analysis. Forthat purpose, it is proposed to perform a Process Hazard Analysis (PHA) for identification ofaccidental scenarios and classification according to a Risk Matrix, defined by each company
according to its risk management process. Figure 2 represents an example of spreadsheet to beapplied for the PHA.
8/11/2019 Paper 294204
5/10
GCPS 2013 __________________________________________________________________________
Process Hazard Analysis (PHA)
System: Hazard/Event Group:
1.Hazard 2.Causes 3.Effects 4.Freq 5.Sev 6.Risk 7.Safeguards8.Final Freq
9.Final Sev
10.Final Risk 11.Recommendations 12.#
1
2
3
Figure 2 Example of PHA Spreadsheet
The spreadsheet has 12 columns, and two classification of the risk for each scenario. Columns 4,5 and 6 have the classification without considering existing safety barriers for the scenario. The
barriers are listed on Column 7 and Columns 8, 9 and 10 indicate the classification of the risk,considering the existence of the barriers and these are operating or ready to operate when needed.
For the classification of severity, likelihood/frequency and risk, a risk matrix shall be used,representing the risk tolerability of the company. An example of risk matrix is on Figure 3,extract from ISO 17776:2000 [3].
Figure 3 Example of Risk Matrix
8/11/2019 Paper 294204
6/10
GCPS 2013 __________________________________________________________________________
Note that this matrix has 5 different severity ratings and analyze four different effects: people,assets, environment and reputation. A common approach to define Major Accidental Hazards(MAH) is to consider whose with highest consequence classification, as the ones classified withSeverity Category 5, from the matrix indicated on Figure 3, that represents multiple fatalities asimpact on people, extensive damage for environment, massive effect to assets and major
international impact on reputation.
The main advantage to select the MAH to go to Bowtie, as described above, is that the barriersrelated to those events can be clearly identified and consequently be managed properly and in afocused way. On the other hand, when there is no distinction between MAH and other scenarios,with lower damage potential, the number of barriers to be managed increase reducing the focuson the major impact scenarios MAH.
Note that some safety barriers are normally identified on this PHA and shall be reviewed anddetailed on the next steps.
2.1 Step 2 Development of Bowties
The following step of this methodology is to develop bowtie diagrams for each of the MAH, orcombination of MAH, if applicable, as exemplified in Figure 4. The BowTie methodology isdesigned to give a picture of the risks, to help people understand the relationship between therisks and organizational events and to identify where barriers in place can act, on the preventionor on the mitigation and consequently give a better overview if those are enough to mitigate therisks related to the MAH.
Figure 4 Example of Bowtie
With the use of multidisciplinary team from the company, starting from a Top Event, localized inthe center of the diagram, causes, preventive barriers, consequences and mitigating barriers areidentified. Following, each barrier, preventive or mitigating, is classified as:
Critical: essential barrier to avoid the causes or associated consequences. Non-critical: barrier that reduces likelihood or minimize consequence, but does not avoid
the occurrence of the top event or associated effects.
8/11/2019 Paper 294204
7/10
GCPS 2013 __________________________________________________________________________
Third Party: barriers, critical or not, that are not under the company responsibility formanagement.
Also responsible person or function can be indicated on the bowtie for each barrier. The list ofSCE are composed by those barriers classified as critical for each bowtie.
The Safety Critical Elements (SCE) can be an Equipment, System or Procedure. In the example presented in Figure 4, for Top Event Large Release of Flammable Gas, from CompressionSystem, the following barriers were classified as Safety Critical Equipment or System:
Safety interlocks PSVs Filter Pressure Drop Indication Injection of Corrosion Inhibitor Gas and Fire Detection System
Fire Fighting System CFTV
The other critical barriers such as Mechanical Integrity Program and Emergency Planning areconsidered as Safety Critical Procedure.
All of those critical elements, equipment, systems and procedures, shall be managed butspecially for the equipment and systems contingency procedures shall apply considering they areoperating under degraded conditions or out of operation. As part of this scope a Summary ofOperations Boundaries (SOOB) analysis is carried out as stated below.
2.3 Step 3 Development of SOOB
The Step 3 of this methodology consists in developing the Summary of Operations Boundaries -SOOB analysis. This is based on a matrix which crosses main operations and activities with theOperational Risk Factors. Operational Risk Factors includes controls, identified in the BowTieanalysis, under reduced effectiveness and risk factors such as severe weather/sea conditions. Thematrix is completed row by row by reviewing all combinations.
The main objective is to examine if operations can be permitted or prohibited when certaincontrols have been defeated or running under reduced effectiveness and examine if operationscan proceed in the case of occurrence of external factors that can potentially influence the risk ofdoing these operations e.g. severe weather conditions.
This will distinguish when a stop work is applied or if that shall be a proceed with cautioncondition, as indicated by IADC[4]. A traffic light system may be applied, indicating:
Red: stop the work or do not proceed; Yellow: evaluate conditions, perform risk analysis or implement additional protection; Green: continuous normal operation.
8/11/2019 Paper 294204
8/10
GCPS 2013 __________________________________________________________________________
Note that the activities will vary depending on the type of installation. Some examples are: loading or unloading of trucks or railcars; operation above normal conditions; increase of capacity; confined space entry; working at height.
An example of analysis is for Gas Detection System failure, it is allowed to proceed with worksat heights and confined space entry; with caution, requiring additional evaluation normaloperation and loading/unloading; and not permitted operation above normal condition, increaseof capacity and hot work.
Operations vs.Operational Risk Factors
N o r m a l P r o d u c t i o n
O p e r a t i o n A
b o v e N o r m a l C o n d i t i o n s
I n c r e a s e o f C a p a c i t y
L o a d i n g / U n l o a
d i n g T r u c
k
L o a d i n g / U n l o a
d i n g R a i l c a r
C o n f i n e d S p a c e E n t r y
H o t W o r
k
W o r
k i n g a t H e i g h t s
Safety interlocks RA X X RA RA P RA RA PSVs RA X X RA RA P P RA Filter Pressure Drop Indication RA RA RA NA NA NA NA NA
Injection of Corrosion Inhibitor RA RA RA NA NA NA NA NA Gas and Fire Detection System RA X X RA RA P X P
CFTV P RA RA RA RA P P P
P- PermittedRA Perform Risk Analysis
X- Do not Proceed
Figure 5 Example of SOOB Matrix
2.4 Step 4 Definition of Contingency Plan
The Step 4 of this methodology consists on the definition of Contingency Plan for each SCE.The immediate response action that will normally be applied are:
to stop or limit operations to within the limits of remaining barriers; or
8/11/2019 Paper 294204
9/10
GCPS 2013 __________________________________________________________________________
identify and assess any temporary substituted safety system barrier that may beimplemented to support continued operation.
The company shall establish and document contingency procedures and a system of approval andcontrol of SCE to be used when those are under degraded conditions or out of operation.
The following items shall be considered:
Implementation of alternative controls equivalent; Limitation and reduction of production; Isolation and stopping of equipment, systems, installations; Deadline for the temporary procedure to be allowed until corrective measures are taken.
A specific contingency plan is then developed for each SCE, using, for instance, the exampleindicated in Figure 6.
SCE Permitted AcitivitiesActivities with
RestrictionProhibited Activities
Gas DetectionSystem
Confined Space EntryWorking a t heights
Normal ProductionLoading/Unloading
Hot workOperation abovenormal conditionsIncrease of capacity
Permitted Activities:
Activities withRestriction:
Prohibited Activities:
Deadline Responsible
One month Opera ti on Manager
- Operation Manager
One month Opera ti on Manager
SCE Resposible
If SCE not returned to full operation afterfirst deadline, reduce production and safestop production
Performed loading/unloading activitieswith one extra fiel operator
Maintenance Manager
Activity
No limitation for the development or continua tion of acti vity, event withloss o f the SCE
No limitation for the development or continua tion of acti vity, event withloss o f the SCENot allowed to perform the activity and must be interrupted, even with
Alternative Procedures for Activities with Resctriction
Normal production to continuous wi th oneextra Operation Supervisor per shift, withfocus on Control Room supervision
Figure 6 Example of Contingency Plan for SCE
8/11/2019 Paper 294204
10/10
GCPS 2013 __________________________________________________________________________
2.4 Step 5 Definition of Maintenance and Inspection Prioritization
The final step for implementation of this methodology of Management of SCE is to incorporateon maintenance and inspection routines and procedures prioritizations that will consider the
findings of the analysis of the SCE. Some important points shall be considered: Guarantee that all SCE are classified as high priority for maintenance routines; Guarantee no delays for inspection routines for the elements associated with MAH and
classified as SCE; Evaluate the need of spares of SCE, where applicable.
3. Conclusion
As initially indicated, this paper presents a 5-step methodology for management of SCEs, beingthose defined here as safety barriers that can avoid or mitigate Major Accident Hazards. The
objective of each step as well as practical approach and examples are presented, adaptingcommon use methodologies from Offshore Industry to Process Industries.
As extension of this work, considering all aspects for the presented, some improvements can beimplemented. The inclusion of procedures as part of the analysis, after the identification of thecritical procedures, with guarantee of correct training or certification of operators, is one of these
points. One additional relevant aspect is to incorporate a 6 th step on the above methodology ofmanagement of SCE, with the audit of process of management of the critical barriers.
Finally, it is importance to note that, this methodology was developed with the intention ofgiving support for companies to systemic manage Safety Critical Elements and comply with
relevant regulation and best practices.
4. References
[1] Norsok S-001, Edition 4, February 2008, item 3.1.11. Norway. 2008
[2] Health and Safety Executive, A guide to the Offshore Installations (Safety Case)Regulations 2005, item 83. London. 3 rd Edition. 2006.
[3] ISO 17776:2000, Petroleum and natural gas industries Offshore productionInstallations Guidelines on tools and techniques for hazard identification and riskassessment, Table A.1. Geneva. 2006.
[4] IADC, HSE Case Guidelines for Mobile Offshore Drilling Units, Issue 3.2.1, 2009.