Safety Management System Performance Based on Organizational Factors of “Seveso” sites Papadakis Georgios A., Kokkinos Konstantinos G. & Machaira Paschalia

Safety Management System Performance Based on Organizational

Factors of “Seveso” sites

Papadakis Georgios A., Kokkinos Konstantinos G. & Machaira Paschalia P. Industrial Risk ManagementDept. of Production Engineering and ManagementTechnical University of Crete (TUC), Chania, Greece

TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E 11-13 SEPTEMBER 2006 LJUBLJANA, SLOVENIA

Purpose Of the Study

• Development and analysis of an integrated model of Safety Management Systems (SMS) in “Seveso” sites for the control of major-accident hazards involving dangerous substances.

• Linkage of the events of a Fault Tree to SMS and quantification of SMS performance through measuring reliability and performance of system elements and safety related procedures.


The SMS elements

Management&

Leadership

Risk Assessment

Emergency Planning

GPPolicy/Goals

Available Resources

RR

PS

F

TK

GP

RAL

RR

PS

TK

TK

Accident Scenarios/Consequence Zones/Risk Evaluation

GP

RR

PS

Overall Performance

Problem Identification

Training Needs

PS

TK

Training NeedsTraining Needs

Training Needs

OK Yes

No

Preventive, Control and Mitigation Measures

PCMM

RAC

RAL

RAL

RAL

Goal Prioritization

Resource Alloc.

Roles-Respons.

Personnel Selection

Formalization

Monitoring Performance

Audit

QA-Perf. Evaluation




QA-Perf.Evaluation


Training(Management &

Personnel)

GP

RR

PS TK

Training Needs

RAL

Operations

GP

RR

PS

TK

Training Needs

RAL


QA-Perf.Evaluation

Maintenance

TK

GP

RAL

RR

PS

Training Needs


Prev. Maintenance/Test

Corrective Maintenance

Eq.&Struct. Monitoring

AS/CZ/RE

Planned Eq.&Pr.Changes

Systems Perf. Data

Systems Performance Data

Rel.Data/Systems Perf.Data

RR

ORK

ORKORKORK

ORK

QA-Perf.Evaluation

QA-Perf. Evaluation

CORCoordination

F COR

F COR

Equipment Performance

Plant Data/Systems Perf.


Overall Performance

COM

CEN

TU

COMCEN

F CORCOMCEN

CEN COM TU

F COR

COM

CEN

TU

F COR

COM

CEN

TU

F COR

COM

CEN

TU

OWN

OWN

OWN OWN

OWN

OWN

OWN

OL

OL

OL

OL

OL

OL

OL

ORK ORK


The SMS factors

• 30 principal organizational and management factors related

to the safety management.

• 16 organizational factors proposed in nuclear safety research and catalogued in five general categories:

1. decision making2. communications3. human resource allocation4. administrative knowledge5. Culture

• 14 management & other organizational factors not in taxonomy on the basis of the most important activities in operations with dangerous substances.


The SMS factors


Organizational factors

Decision Making: Centralization (CEN), Goal Prioritization (GP), Problem Identification (PI), Organizational Learning (OL), Resource Allocation (RAL)Communications: Communication (COM) (External, Inter/Intra-departmental) Human Resource Allocation: Quality Assessment (QA)/Perf. Evaluation, Personnel Selection (PS), Technical Knowledge (TK), Training Needs (TN)Administrative Knowledge: Coordination of Work (COR), Formalization (F), Organizational Knowledge (ORK), Roles-Responsibilities (RR)Culture: Ownership (OWN), Time Urgency (TU)

The SMS factors


Management & other organizational factors (not in taxonomy)

Policy/GoalsAvailable ResourcesOverall PerformancePlanned Equipment and Procedure ChangesPlant Data/Systems PerformanceSystems Performance DataEquipment and Structures Monitoring Equipment Performance Corrective Maintenance Preventive Maintenance/TestRisk Assessment Criteria (RAC) Accident Scenarios/Consequences Zones/Risk Evaluation (AS/CZ/RE) Preventive, Control & Mitigation Measures (PCMM) Reliability Data/Systems Performance Data

The model action-flow diagram

• Representation of SMS elements and factors in a model action-flow diagram using the Structured Analysis and Design Technique (SADT).

• Interconnections between factors and elements and interrelations between elements can be defined and thus action flows can be delineated.

• Localization of problem areas, discovery of organizational and management weaknesses of a SMS and user guidance to specific actions.


The system work-flow loops

• Sequences of actions related to important safety operations. It is postulated that each loop: – Is closed (starts and ends at the same element) – Has a specified target and is operationally independent

from other loops– Is discrete in time with specified duration and operates

either in parallel or in series with other loops

• Under these terms, the loops are bound to consist of factors that connect system elements and to show the logical arrangement of actions that should be performed for the safe operation of the system.


The system work-flow loops

• Division of loops in: – “Fast response” loops (i.e. those related to safe

operations of processes with dangerous substances) – “Slow response” loops (i.e. those related to

implementation of training activities)

• In order for a loop to be meaningful for safety: – All its factors and procedures should be considered

operable and not fail on demand (reliability)– Its target should be met within predetermined period of

time (effectiveness)

• There is always one (or more) “controlling mechanisms” to which reliability and effectiveness of the loop is more sensitive.


Analysis of “Seveso” Sites operations in work-flow loops

• Analysis of “Seveso” sites safety operations in loops with data from an industrial site in Greece.

• Analysis of SMS operation considering 15 principal loops necessary for the prevention of accidents involving dangerous substances.

• Identification of organizational factors as underlying causes of SMS failure and contributing to SMS inefficiency.


Quantification of SMS performance

• Based on SAM approach (Pate-Cornel & Murphy 1996), SMS reliability is measured by linking the probability of each top event (i.e. release of dangerous substance) to work-flow loops.

• The events (technical, organizational, managerial) identified in a fault tree of an accident scenario (top event) are assumed to be linked to the SMS.

• Principal feature of the proposed approach is the use of Minimal Cut Sets (MCS = minimal set of events that lead to the undesired top event).

• The probability of a MCSk is assumed to be influenced by the actions and procedures of the SMS, found in (j) loops, Bjk.


Quantification of SMS performance


If a specific top event F is analyzed using FTA, the probability of that top event P(F) can be described by:

Each loop Bjk consists of (i) independent factors Oij in series. The conditional probability of a top event F if a factor Oij fails can be expressed by:

jkkk j

ij BMCSPOFP ||

Given the condition that each loop is operationally independent from others, the probability of a MCSk can be calculated by:

jkk j

jkk BPBMCSPFP |)(

j

jkk BPMCSP

CASE STUDY


In the simplest case of two loops influencing a MCSk, the probability of the MCSk can be estimated by the equation:

2221112222111121

21

111

111112

1

BBBBBBBBBBBBBBBB

jk

tttttttttttttt

Bj

BBMCS

eeeeeeee

RRtRtR

Assuming that: 11 BB te and

22 BB te

the probability of the MCSk can be expressed by:

2211 BBBB

k

tttt

MCS eetR

CASE STUDY


To further the analysis, the following cases are examined:

– Loop B1 is assumed to be a “fast response” loop and loop B2 a “slow response” loop. In this case the MCSk reliability was found to be determined by the reliability of the “fast response” loop when λB1 < λB2.

– Both two loops are assumed to be “fast response” loops (tB1, tB2→0). The MCSk reliability is then determined by the reliabilities of both loops for t > tB1, tB2:

tt

MCSBB

keetR 21

The quantitative results show that the reliability of a MCSk is mostly controlled by the “fast response” loops (tB0) and thus safety performance is expected to depend more on “fast response” loops.

CASE STUDY

• Given the condition that each loop Bj consists of (i) independent factors Oij in series the reliability of a loop can be calculated by multiplying the reliabilities for all factors. Using the reliability expressions for each factor, the reliability of a loop Bj during the time interval (0, t) can be expressed by:


n

i

tn

i

tt iijiij

jeetR

11

where λij = constant failure rate of factor Oij; ti = operational time of factor Oij; and n = total number of factors.

The above expression shows that the reliability of a loop is controlled by the factors with short duration (ti →0) and thus safety performance is expected to depend more on these factors.

Example of a loop for the prevention of fuel release


Management&

Leadership

Risk Assessment

Emergency Planning

GPPolicy/Goals

Available Resources

RR

PS

F

TK

GP

RAL

RR

PS

TK

TK

Accident Scenarios/Consequence Zones/Risk Evaluation

GP

RR

PS

Overall Performance


Training Needs

PS

TK

Training NeedsTraining Needs

Training Needs

OK Yes

No

Preventive, Control and Mitigation Measures

PCMM

RAC

RAL

RAL

RAL

Goal Prioritization

Resource Alloc.

Roles-Respons.

Personnel Selection

Formalization

Monitoring Performance

Audit

QA-Perf. Evaluation




QA-Perf.Evaluation


Training(Management &

Personnel)

GP

RR

PS TK

Training Needs

RAL

Operations

GP

RR

PS

TK

Training Needs

RAL


QA-Perf.Evaluation

Maintenance

TK

GP

RAL

RR

PS

Training Needs


Prev. Maintenance/Test

Corrective Maintenance

Eq.&Struct. Monitoring

AS/CZ/RE

Planned Eq.&Pr.Changes

Systems Perf. Data

Systems Performance Data

Rel.Data/Systems Perf.Data

RR

ORK

ORKORKORK

ORK

QA-Perf.Evaluation

QA-Perf. Evaluation

CORCoordination

F COR

F COR


Plant Data/Systems Perf.


Overall Performance

COM

CEN

TU

COMCEN

F CORCOMCEN

CEN COM TU

F COR

COM

CEN

TU

F COR

COM

CEN

TU

F COR

COM

CEN

TU

OWN

OWN

OWN OWN

OWN

OWN

OWN

OL

OL

OL

OL

OL

OL

OL

ORK ORK

CASE STUDY RESULTS


200 400 600 800 1000 1200 1400 1600 1800 200010

-10

10-8

10-6

10-4

10-2

100

t

R

Ra

Rb

R

Figure presents MCSk reliability (R) with respect to the reliability of critical loops B1 (Ra) and B2 (Rb) with λB1=0.005 hr -1, tB1=4 hrs, λΒ2=0,01 hr -1 and tB2=100 hrs

Conclusions

• The model action-flow diagram can be used in its own right as a means of identifying organizational and management weaknesses of a SMS.

• The analysis of important safety operations in work-flow loops shows the applicability and usefulness of the proposed model.

• The model can be widely used as a decision support tool for safety critical actions in the SMS of any organization.

• The linkage of events of a fault tree to the SMS help to discover “controlling” organizational factors in the SMS that affect system performance.


Conclusions

• There are indications that fast safety actions influence more SMS performance.

• There are indications that the “controlling mechanisms” mostly contributing to SMS failure and SMS inefficiency are factors which achieve their tasks in short time.

• Proposals to future research: – Application of SMS in other activities involving

dangerous substances.– Use of quantitative data for better understanding of the

impact of organizational factors on performance and reliability of SMS.


Documents

Safety Management System Performance Based on Organizational Factors of “Seveso” sites Papadakis Georgios A., Kokkinos Konstantinos G. & Machaira Paschalia