Keeping Bowties Alive
-
Upload
chandrashekhar-kulkarni -
Category
Business
-
view
293 -
download
3
Transcript of Keeping Bowties Alive
Keeping Bowties AliveDecember 2013
Bell Energy, Abu Dhabi
www.bell-energy.com
Purpose
Understand:
– Generic purpose of Bowties– Common terminologies adopted
Appreciate:
– How Bowties are adopted in Oil & Gas Processes
Be able to:
– Build bowties for a facility / unit– Use Bowties to identify
• HSE Critical Equipment and Systems• HSE Critical Activities• HSE Critical Integrity Activities
– Operationalize Bowties for day-to-day functions
Keep Bowties Live using Electronic HSE Cases
Slide 2
Introduction to BowtiesFebruary 2014
www.bell-energy.com
Chapter 1 – Elements of Bowtie
Slide 4
www.bell-energy.com
Risk Management Preface
Slide 5
HazardIdentification H&ERs
Management through HSE Management
System
PolicyOrganizationProcedures
Performance Measurement
Control of Major Accident Hazards
BOWTIESHSECES
HSECES Performance Standards
HSE Critical Activities & Tasks
Quality Performance Standards
QRA
www.bell-energy.com
What is a Bowtie ?
A bowtie is a graphical representation of:
– The relationships between the following• causes of Major Accident Hazards (MAH), • the consequences of MAH• the preventive barriers in between the causes and top event• the mitigation barriers in between the top event and worst consequences• Potential escalations factors leading to barrier failures
– Barriers are linked to:• Hardware - “HSE Critical Equipment and Systems”• Activities & Tasks – “HSE Critical Activities and Tasks”• Integrity of the Hardware – “HSE Critical Integrity Activities”• Quality of the Activities & Tasks – “Quality Performance Standards”• Competent Personnel – “HSE Critical Positions”
– Highlights the crucial connection between barriers and the HSEMS procedures necessary for assuring their ongoing effectiveness
Slide 6
www.bell-energy.com
Elements of a Bowtie
Slide 7
Major Accident HazardMajor accident means an
‘Occurrence’ in the operation of a site which leads to severe or catastrophic consequences including the critical high risk (which corresponds to 3E in the RAM) to people, assets, the environment and/or company reputation
MAH Examples:
1. Pressurized Hydrocarbons2. Toxic Gas
www.bell-energy.com
Elements of a Bowtie
Slide 8
Top Event
What happens when we lose control ?Top Event = Hazardous EventExamples:1. Loss of Containment2. Loss of Structural Stability
Major Accident Hazard
www.bell-energy.com
Elements of a Bowtie
Slide 9
Top Event
Major Accident HazardThreats
What could CAUSE the loss of control ?
Examples:1. Corrosion2. Pressure Build-up
Threats
Threats
Threats
www.bell-energy.com
Elements of a Bowtie
Slide 10
Top Event
Major Accident HazardThreats
How can the EVENT develop ?What are the worst outcomes ?
Examples:1. Jet Fire2. Explosion3. Toxic Gas Dispersion
Threats
Threats
Threats Consequence
Consequence
www.bell-energy.com
Elements of a Bowtie
Slide 11
Top Event
Major Accident Hazard
Threats
Consequence
Consequence
Threat Controls
How do we prevent the threat from realizing into the Top Event ?
Examples:1. Cathodic Protection2. PAHH closing ESD Valve
Barriers should be:1. Independent2. have an HSE Function3. Reliable4. Available on Demand5. Survive6. Have management controls for
ongoing effectiveness
www.bell-energy.com
Elements of a Bowtie
Slide 12
Top Event
Major Accident Hazard
Threats ConsequenceThreat
Controls
How do we recover if the event occurs? How do we limit the severity of the event?Examples:1. HVAC System2. Fire Protection System
Barriers should be:1. Independent2. Solely serve an HSE Function3. Reliable4. Available on Demand5. Survive6. Have management controls for
ongoing effectiveness
RPM
RPM – Recovery PreparednessMeasures
www.bell-energy.com
Elements of a Bowtie
Slide 13
Top Event
Major Accident Hazard
Threats ConsequenceThreat Control
How might controls fail?How could their effectiveness be undermined?Examples:1. Failure to make-up for Corrosion
Inhibitors2. Bypass on an ESD System
RPM
Escalation Factors
RPM – Recovery PreparednessMeasures
www.bell-energy.com
Elements of a Bowtie
Slide 14
Top Event
Major Accident Hazard
Threats ConsequenceThreat Control
How do we make sure controls do not fail
Examples:1. Bypass / Override authorization2. Partial Stroke Testing of ESD
RPM
EFC
Escalation Factors
RPM – Recovery PreparednessMeasures
EFC – Escalation FactorControls
www.bell-energy.com
Elements of a Bowtie
Slide 15
Top Event
Major Accident Hazard
Threats ConsequenceThreat Control
Escalation Factors apply to all barriers (preventive and mitigation)
RPM
EFC
Escalation Factors
www.bell-energy.com
Elements of a Bowtie
Slide 16
Top Event
Major Accident Hazard
Threats Consequence
Barrier Barrier
EFC
Escalation Factors
EFC
Escalation Factors
Tasks Tasks TasksWhat tasks do we do to make sure that controls continue to work?
www.bell-energy.com
Elements of a Bowtie
Slide 17
Top Event
Major Accident Hazard
Threats Consequence
Barrier Barrier
EFC
Escalation Factors
EFC
Escalation Factors
Tasks Tasks TasksWho will perform these Tasks?
Personnel Personnel
www.bell-energy.com
Elements of a Bowtie
Slide 18
Tasks Tasks Tasks
What are these tasks:
– Inspection– Repair– Testing– Supervision– Operating within boundary
Who performs these tasks:
– Competent Personnel– Trained in performing these tasks– Experienced– Continuous updating their skills and
knowledge– Know their limits
How to know when to do these tasks
– Performance Standards– RBI, RCM– Vendor Requirements
What to do?
– Job Plans– MAXIMO Data
Is there a procedure
– HSE Critical Activities Catalogue– Inspection & Test Procedures
What competencies are needed?
– Competency Assessments (CAMS)
www.bell-energy.com
Bowties
Slide 19
BOWTIE REPRESENTS YOUR MAJOR ACCIDENT HAZARD
MANAGEMENT SYSTEM
www.bell-energy.com
Chapter 2 –Common Bowtie
Terminologies
Chapter 1 –Elements of Bowtie
Slide 20
www.bell-energy.com
Common Terminologies
Major Accident Hazards Major accident means an ‘Occurrence’ in the operation of a site which leads to severe or
catastrophic consequences including the critical high risk (which corresponds to 3E in
the RAM) to people, assets, the environment and/or company reputation. The
consequences may be immediate or delayed and may occur outside as well as inside
the site. There will also be a high potential for escalation.
excludes ‘Occupational accidents’ which have bounded, albeit possibly severe or
catastrophic consequences.
– This means that one or more pedestrian fatalities resulting from a road accident on a
site (however regrettable and tragic) would not be defined as a ‘Major Accident’.
– Similarly, one or more fatalities resulting from a fall from a scaffolding platform (again
regrettable and tragic) would not be defined as a ‘Major Accident’.
Slide 21
www.bell-energy.com
Common Terminologies
Risk Risk is the product of the measure of the likelihood of occurrence of an
undesired event and the potential adverse consequences which this event
may have upon:
– People – injury or harm to physical or psychological health
– Assets (or Revenue) – damage to property (assets) or loss of production
– Environment – water, air, soil, animals, plants and social
– Reputation – employees and third parties. This includes the liabilities arising
from injuries and property damage to third parties including the cross
liabilities that may arise between the interdependent Group Companies.
Slide 22
www.bell-energy.com
Common Terminologies
Top Event Specific incident scenario described by a fault tree, for example ‘the 'release'
of a hazard’.
Threat A cause that could potentially release a hazard and produce a hazardous
event.
Threat Controls All measures taken to reduce the probability of release of a hazard. Measures
put in place to block the effect of a threat.
Slide 23
www.bell-energy.com
Common Terminologies
Consequence or Severity Adverse effects or harm which causes the quality of human health or the
environment to be impaired. Basically it is the loss that can be inflicted if the
any hazardous event occurs.
Recovery Preparedness Measures All technical, operational and organisational measures that limit the chain of
consequences arising from the first hazardous event (or 'top event'). These
can
– reduce the likelihood that the first hazardous event or 'top event' will develop
into further consequences and
– provide lifesaving capabilities should the 'top event' develop further.
Slide 24
www.bell-energy.com
Common Terminologies
Escalation An increase in the consequences of a hazardous event.
Escalation Factors Conditions that lead to increased risk due to loss of controls or loss of
recovery capabilities (mitigation or lifesaving). Escalation factors include
abnormal operating conditions, e.g. maintenance mode, operating outside
design envelope; environmental variations, e.g. extreme weather and tidal
conditions; failure of barriers, e.g. maintenance failure, due to explosion or
fire, introduction of ignition source; human error, e.g. lapses, rule violations;
no barrier provided, e.g. not possible or too expensive. Escalation Factors
may concurrently affect the control and/or recovery of more than one hazard.
Slide 25
www.bell-energy.com
Common Terminologies
Escalation Factor Controls Measures put in place to block or mitigate the effects of escalation factors.
Types include guards or shields (coatings, inhibitors, shutdowns), separation
(time and space), reduction in inventory, control of energy release (lower
speeds, safety valves, different fuel source) and non-physical or
administrative (procedures, warnings, training, drills)
Slide 26
www.bell-energy.com
Common Terminologies
HSEMS The company structure, responsibilities, practices, procedures, processes and
resources for implementing health, safety and environmental management.
HSE Critical Activities Activities that are important in preventing events with potential to cause
serious harm to people, the environment or property or which can reduce the
impact of such an event. Note: The definition of serious harm includes the
CRITICAL, SEVERE AND CATASTROPHIC categories
Slide 27
www.bell-energy.com
Common Terminologies
HSECES Parts of an installation and such of its structures, plant equipment and
systems (including computer programmes) or any part thereof, the failure of
which could cause or contribute substantially to; or a purpose of which is to
prevent or limit the effect of a major accident.
HSE Critical Integrity Activities Activities associated with the integrity of HSECESs. Activities such as design,
construction, installation, commissioning, operation, modification, repair,
inspection, testing or examination associated with assuring the integrity of a
HSECES.
Slide 28
www.bell-energy.com
Common Terminologies
HSECES Performance Standards A statement which can be expressed in qualitative or quantitative terms, of the
performance required of a system, item of equipment or computer programme
and which is used as the basis for verification throughout the life cycle of the
installation.
Quality Performance Standards It is a demonstration that the procedures developed for HSE Critical Integrity
Activities are suitable and are undertaken by Competent Person in a manner
that assures the integrity of the HSECES.
Slide 29
www.bell-energy.com
Chapter 3 –Bowties
and HSEMS
Chapter 2 –Common Bowtie
Terminologies
Chapter 1 –Elements of
Bowtie
Slide 30
www.bell-energy.com
Bowties and HSEMS
The HSE Management System has policies, plans and procedures
Includes list of activities associated with Low, Medium and High risk
hazardsHSEMS
BowtiesHSE Critical Activities, Critical Integrity Activities
• Activity Catalogue• Tasks Specification
Sheets• Job Plans• Quality Performance
StandardsJudgement,Experience, Risk Analysis for non routine operations
• Procedures• Responsibilities• Performance• Competencies
Judgement & Experience
• Generic Procedures / Competencies
Slide 31
www.bell-energy.com
Filtering Activities
H&ERs
Tasks Tasks Tasks Tasks Tasks Tasks Tasks
Tasks Tasks Tasks
All activities arising from the control of low, medium and high risk hazards will be part of the HSEMS.
Slide 32
www.bell-energy.com
Classification of Activities
Slide 33
TasksTasks
All routine tasks (low and medium) are managed by
the existing HSEMS Procedures
Examples:
Housekeeping
Lock Out Tag Out
TasksTasks
Hazardous Activities may be HSE Critical Activities but
are not HSE Critical Integrity Activities
Examples:
Confined Space Entry
Working at height
TasksTasks
HSE Critical Integrity Activities only relate
to HSECESs
Examples:
Partial Stroke Testing
Detector Calibration
Acceptance Tests
www.bell-energy.com
Chapter 4 –Fault Tree, Event Tree Approach
Chapter 2 –Common Bowtie
Terminologies
Chapter 3 –Bowties and
HSEMS
Chapter 1 –Elements of
Bowtie
Slide 34
www.bell-energy.com
Another Look at the Bowtie
Slide 35
A bowtie is well understood as a Fault Tree to the Left Hand Side and Event Tree
on the Right Hand Side
www.bell-energy.com
Another Look at the Bowtie
Slide 36
ORPT Failure
PCV FailureSignal Failure
Leads to pressure control loop failure (Basic Process Control System BPCS)
E-2
PLCS-1
PSV
ESD Valve
PAHPAHH
PCV
PT
P-13
THREAT: OVERPRESSURIZATION
www.bell-energy.com
Another Look at the Bowtie
Slide 37
ORPT Failure
PCV FailureSignal Failure
ORPAH Failure
Operator fails to control pressure
No time for operator action
E-2
PLCS-1
PSV
ESD Valve
PAHPAHH
PCV
PT
P-13
PAH is a barrier (HSECES: Process Alarms) – This is effective only if operator knows what to do, can react appropriately to panic situation and has rehearsed this in an Operator Training Simulator. If there is no time for operator action, this barrier fails.
www.bell-energy.com
Another Look at the Bowtie
Slide 38
ORPT Failure
PCV FailureSignal Failure
ORPAH Failure
Operator fails to control pressure
No time for operator action
ORPAHH Failure
PLC FailureESDV Failure
E-2
PLCS-1
PSV
ESD Valve
PAHPAHH
PCV
PT
P-13
These are related to HSECES: Instrumented Protective Function. Can fail due to design errors, lack of testing
www.bell-energy.com
Another Look at the Bowtie
Slide 39
ORPT Failure
PCV FailureSignal Failure
ORPAH Failure
Operator fails to control pressure
No time for operator action
ORPAHH Failure
PLC FailureESDV Failure
ORPSV fails to lift / relieve
Vessel integrity failure
E-2
PLCS-1
PSV
ESD Valve
PAHPAHH
PCV
PT
P-13
PSV is related to HSECES: Pressure Relief. Vessel Integrity is related to HSECES: Hydrocarbon Containment
www.bell-energy.com
Another Look at the Bowtie
Slide 40
AND
ORPT Failure
PCV FailureSignal Failure
ORPAH Failure
Operator fails to control pressure
No time for operator action
ORPAHH Failure
PLC FailureESDV Failure
ORPSV fails to lift / relieve
Vessel integrity failure
When the threat occurs AND all barriers fail, the Top Event is realized
www.bell-energy.com
Another Look at the Bowtie
Slide 41
AND
ORPT Failure
PCV FailureSignal Failure
ORPAH Failure
Operator fails to control pressure
No time for operator action
ORPAHH Failure
PLC FailureESDV Failure
ORPSV fails to lift / relieve
Vessel integrity failure
This could lead to loss of Containment (eg. Hydrocarbon Containment)
LOC
www.bell-energy.com
Another Look at the Bowtie
Slide 42
No Ignition
Ignition Control
LOC
Immediate Ignition
Delayed Ignition
www.bell-energy.com
Another Look at the Bowtie
Slide 43
No Ignition
Ignition Control
LOC
Immediate Ignition
Success
Gas Detection, ESD, Blowdown
Failure
Delayed Ignition
www.bell-energy.com
Another Look at the Bowtie
Slide 44
No Ignition
Ignition Control
LOC
Immediate Ignition
Success
Gas Detection, ESD, Blowdown
Flame Detection ESD,
Blowdown
Failure
Delayed Ignition
Toxic Gas Dispersion
(short distance)
Toxic Gas Dispersion
(large distance)
Success
Failure
Flash Fire / VCE
www.bell-energy.com
Another Look at the Bowtie
Slide 45
No Ignition
Ignition Control
LOC
Immediate Ignition
Success
Gas Detection, ESD, Blowdown
Flame Detection ESD,
Blowdown
Failure
Delayed Ignition
Toxic Gas Dispersion
(short distance)
Toxic Gas Dispersion
(large distance)
Short Duration Jet FireSuccess
Failure Long Duration Jet Fire
Flash Fire / VCE
www.bell-energy.com
Another Look at the Bowtie
Slide 46
HVAC System
LOC
SCBA MEDEVAC / ERP
Toxic Gas Dispersion
(short distance)Fatalities
www.bell-energy.com
Another Look at the Bowtie
Slide 47
HVAC System
LOC
SCBA MEDEVAC / ERP
Toxic Gas Dispersion
(short distance)Fatalities
Fatalities / Asset Damage
Passive Fire Protection
Deluge System
Jet Fire
www.bell-energy.com
Another Look at the Bowtie
HVAC System
LOC
SCBA MEDEVAC / ERP
Toxic Gas Dispersion
(short distance)Fatalities
Flash Fire / VCE Fatalities / Asset Damage
Blast Resistant
MEDEVAC / ERP
Fatalities / Asset Damage
Passive Fire Protection
Deluge System
Jet Fire
www.bell-energy.com
Chapter 5 –Benefits of
Bowties
Chapter 2 –Common Bowtie
Terminologies
Chapter 3 –Bowties and
HSEMS
Chapter 4 –Fault Tree, Event Tree Approach
Chapter 1 –Elements of
Bowtie
Slide 49
www.bell-energy.com
Benefits of Bowties
Logical Structured Approach
Direct link between the Barriers and the Management System
Forces us to think if the barriers are adequate and effective
Helps in identifying Gaps in Management Systems that can be identified as
“deficiencies”
Deficiencies can be associated with Procedures, Organizational
Improvements, Competency, Barrier Effectiveness
Slide 50
www.bell-energy.com
Benefits of Bowties
Provides an “Auditable Trail” of the Hazards & Effects Management Process
(HEMP)
Helps in ALARP Demonstration
Can be “Operationalized”
Can be used in Quantifying Risks
Helps in Demonstrating Compliance to CORPORATE and REGULATORS
Slide 51
www.bell-energy.com
Disadvantages of Bowties
Bowties are not “intelligent” and is only a recording tool
Anything and everything put into a Bowtie can look like a barrier
It needs a good understanding of the methodology, risk management process
to be able to identify barriers that are independent
Can be misleading if the context is not understood
Solution: During the workshop, we will define the elements of the bowtie
comprehensively so that it can be understood by a person who was not
present in the workshop.
Slide 52
www.bell-energy.com
Chapter 6 –How to use
Bowties
Chapter 2 –Common Bowtie
Terminologies
Chapter 3 –Bowties and
HSEMS
Chapter 4 –Fault Tree, Event Tree Approach
Chapter 5 –Benefits of
Bowties
Chapter 1 –Elements of
Bowtie
Slide 53
www.bell-energy.com
How to use Bowties
Concept / FEED Stage
– The Bowties are used to identify and select barriers (HSECESs)• Eg. HIPPS versus Inherent Pressure Design• Fire Proofing versus Separation Distance• Blast Proofing etc.
– Through sufficient and suitable risk assessments (eg. QRA, FRA), the number of barriers required to reduce the risks to ALARP is determined
• Eg. Additional Shutdown Valves to isolate sections
– These barriers are included in the Bowties
– The Safety Function of the barriers are decided• The FEED Engineer develops the design• The Safety Function of the HSECES is determined based on the Bowties eg. Whether
to initiate ESD on Gas Detector or Flame Detection, whether to activate deluge automatically or manually etc.
– HSECES Performance Standards are developed for FEED phase
Slide 54
www.bell-energy.com
How to use Bowties
Detailed Engineering & EPC Phase
– The Bowties are reviewed to identify any new barriers (HSECESs)
– Through sufficient and suitable risk assessments (eg. QRA, FRA), the number of barriers required to reduce the risks to ALARP is determined
– The EPC Phase HSE Critical Integrity Activities and Tasks are determined• Eg. Factory Acceptance Tests, Site Acceptance Tests, Material Requisitions,
Datasheets and Specifications, Independent Verification & Third Party Inspections etc.
– HSECES Performance Standards are developed for EPC phase
– Quality Performance Standards are developed for the HSE Critical Integrity Activities and Tasks
Slide 55
www.bell-energy.com
How to use Bowties
Operations Phase
– If required, retrospective Bowties are developed
– Through sufficient and suitable risk assessments (eg. QRA, FRA), the number of barriers required to reduce the risks to ALARP is determined
– The Operations Phase HSE Critical Integrity Activities and Tasks are determined• Eg. Inspections, Maintenance, Testing, Verification, Management of Change.
– HSECES Performance Standards are developed for Operations phase
– Quality Performance Standards are developed for the HSE Critical Integrity Activities and Tasks
Slide 56
www.bell-energy.com
How to use Bowties
There is more in the Operations Phase….
– HSECES Tags are identified
– These tags can be then included in MAXIMO / SAP system
– Job Plans for the HSE Critical Integrity Activities are developed
– A verification scheme is prepared to ensure that the HSECESs are within their integrity boundary
– Competency Matrix is developed
– The HSECES effectiveness / degradation is determined
– MOPO is prepared based on unavailability of HSECESs
Slide 57
www.bell-energy.com
How to use Bowties
As a Plant Operator, the Bowtie can be used:
– Checks the health of all barriers
– What to do if a barrier is not available
– What “layers or protection” do we have and are they adequate
– Interfaces with Contractor works or other projects
– Permit to Work system
Slide 58
To achieve this you need to maintain the Bowtie as a “Live Document” preferably
through an Electronic HSE Case
www.bell-energy.com
Other Applications of Bowties
Incident Investigation
Audits
Managing KPIs
Slide 59
www.bell-energy.com
Exercise 1 –Drawing a
simple Bowtie
Chapter 2 –Common Bowtie
Terminologies
Chapter 3 –Bowties and
HSEMS
Chapter 4 –Fault Tree, Event Tree Approach
Chapter 5 –Benefits of
Bowties
Chapter 6 –How to use
Bowties
Chapter 1 –Elements of
Bowtie
Slide 60
Risk Management using BowtiesFebruary 2014
www.bell-energy.com
Chapter 1 –Preparing for Developing
Bowties
Slide 62
www.bell-energy.com
Team Composition
Workforce Involvement is very important aspect of Bowtie development
The Team should be composed of
– Operations
– Maintenance, Reliability & Integrity
– Process, Mechanical, Instrumentation
– Process Safety, Environment & Health
Slide 63
www.bell-energy.com
Bowtie Inputs and Outputs
Slide 64
www.bell-energy.com
Steps to develop Bowties
www.bell-energy.com
Steps to develop Bowties
www.bell-energy.com
Steps to develop Bowties
www.bell-energy.com
Steps to develop Bowties
www.bell-energy.com
Chapter 2 –Parent & Unit Level Bowties
Chapter 1 –Preparing for Developing
Bowties
Slide 69
www.bell-energy.com
Parent & Unit Bowties
This method is similar to the Parent-Child bowtie concept used by Shell
Parent Bowtie is also termed as “Best Practice Bowtie” which is developed for the Major Accident Hazards of the entire plant
Then the Parent Bowtie is reviewed and updated when applied to each units
Helps in identifying the superparent, parent and child HSECES tags
Example is presented in the Software Demonstration
Slide 70
www.bell-energy.com
Chapter 3 –Barrier
Hierarchy, Effectiveness
Analysis
Chapter 2 –Parent &
Unit Level Bowties
Chapter 1 –Preparing for Developing
Bowties
Slide 71
www.bell-energy.com
Critical Alarms, Safety Instrumented Systems
Pressure Relief Valves, Rupture Discs
Bunds, Dikes
Deluge system, Fire sprinklers, Gas Detection and Alarms
Plant Emergency Response
Offsite Emergency Response
Layers of Protection & Barrier Hierarchy
Slide 72
Process Design
Basic Process Control System
Inherent Safety Features
Process Safety
Loss Prevention
Emergency Response
www.bell-energy.com
Barrier Effectiveness
Barrier Effectiveness Measures
– Functionality / Effectiveness – The barrier functionality / effectiveness is the ability to perform a specified function under given technical, environmental, and operational conditions.
• It deals with the effect the barrier has on the event or the accident sequence• Determining the effectiveness is related to determining the “possible degree of
fulfillment” of the specified function• Eg. if the function is to pump water, a functional requirement may be that the output of
water must be between 100 and 110 litres per minute. The actual functionality of a barrier may be less than the specified functionality due to design constraints, degradation, operational conditions,
– Reliability / Availability – The barrier reliability/availability is the ability to perform a function with an actual functionality and response time while needed, or on demand.
• Corresponds to Safety Availability / Safety Integrity requirements (IEC 61511)• All necessary signals must be detectable when barrier activation is required.• Active barriers must be fail-safe, and either self-testing or tested regularly.
Slide 73
www.bell-energy.com
Barrier Effectiveness
Performance of safety barriers
– Response Time – The response time is defined differently for different types of barriers. It is generally defined as the time required for the barrier to complete it’s safety function
• Eg. For ESD System the “Response Time” is the time required to close the valve such that the flow is stopped
• Similarly, the “Response Time” for deluge system is the time to deliver the specified amount of water (and not the time until the fire is extinguished)
– Robustness / Survivability – Barrier robustness is the ability to resist given accident loads and function as specified during accident sequences.
• Eg. Survivability of Valve Solenoid to Jet Fire scenarios• Able to withstand extreme events, such as fire, flooding, etc.• The barrier shall not be disabled by the activation of another barrier.• Two barriers shall not be affected by a (single) common cause.
Slide 74
www.bell-energy.com
Barrier Effectiveness
Performance of safety barriers
– Triggering Event / Condition – The triggering event or condition is the event or condition that triggers the activation of a barrier.
• Eg. Initiating events are important to decide the total scope of the barrier safety function.
– Adequacy – Able to prevent all accidents within the design basis.• Meet requirements set by appropriate standards and norms.• Capacity must not be exceeded by changes to the primary system.• If a barrier is inadequate, additional barriers must be established.
Slide 75
www.bell-energy.com
General Barrier Effectiveness Ratings
The General Barrier Effectiveness Ratings are based on the following parameters:– Field Experience of the “Functionality” of the Barrier based on:
• Status of the required inspections / tests as per schedule as required by the Performance Standard
• Status of the hardware when it is tested• The amount of time it requires repair to pass
– Findings of the Site Audits on the management of HSECES– Status of Audit Actions– Availability and adequacy of Competent Personnel to perform the job– Level of training and continuing education they receive– Past Incidents related to the functionality of the HSECES– Is the HSECES in place– Reliability– Human Dependency– Any survivability issues
Slide 76
www.bell-energy.com
Barrier Effectiveness Template
Slide 77
Barrier Title:Bowtie Ref:
Yes No Unknown
2.1. Is the barrier amongst an "Instrumented Protective Function"2.2. Does it have a SIL rating greater than SIL 1
3. Human Factors
4. Processes4.1. Is this barrier management process audited?4.2. Have the identified action items been completed or alternative4.3. Is the impletementation on schedule4.4. Is the process used uniformly
5. Personnel5.1. Is the concerned staff training up-to-date5.2. Is the concerned staff job profile adequate for the barrier management5.3. Is the concerned staff competent in performing the action
3.2. Clearly defined task, defined operating procedures, operator is trained and experienced, or errors conceivable, but very unlikely.3.3. Operating under stress, multi-tasking, complex procedures, difficult to operate, operator is trained, or errors possible.3.4. Operating under high stress, complex or unclear procedures, inadequate training, or errors quite possible.
3.4. Personnel unfamiliar with the task, very complex procedures, no training, errors might well be expected, or emergency situation
NOT EFFECTIVEEFFECTIVEVERY EFFECTIVE
1.8. Is the barrier operating beyond it's design life?1.9. Is the barrier designed as per an obsolete standard?
2. Is the barrier reliable?
3.1. No human involvement, simple instructions, easy to operate, intuitive, proven operator performance, or consequences of errors limited by design.
1.2. Has the barrier been maintained as per the Performance Standard?1.3. Has the barrier been tested as per the Performance Standard?1.4. Has the barrier been inspected as per the Performance Standard?1.5. Has the barrier undergone any form of degradation?1.6. Has the barrier failed any tests?1.7. Does the barrier require to be repaired very often?
1. Is the barrier in place and being used ?1.1. Has the barrier been "inhibited" during normal operation?
In Place ?
Reliable ?
Human Factors ?
Processes ?
Personnel ?
www.bell-energy.com
Barrier Adequacy
Barrier Adequacy is based on two requirements
Prescriptive Requirements (to meet as minimum)
Goal Setting Requirements (to meet ALARP)
Slide 78
www.bell-energy.com
Chapter 4 –HSE Critical
Integrity Activities &
Tasks
Chapter 2 –Parent & Unit Level Bowties
Chapter 3 –Barrier Hierarchy,
Effectiveness Analysis
Chapter 1 –Preparing for Developing
Bowties
Slide 79
www.bell-energy.com
HSE Critical Integrity Activities
Slide 80
activity
activity
activity
activity
activity
activity
activity
activity activity
activity
activity
activity activity
activity
activity
activity
All Activities are not HSE Critical Integrity Activities. On those that are for ensuring the integrity of HSECESs are. However all
other activities related to HSE are part of HSEMS
HSE Critical Integrity Activities are dynamically affected during the facility operations eg. Interfacing with other projects
www.bell-energy.com
HSE Critical Integrity Activities
Slide 81
activity
activity
activity
activity
activity
activity
activity
activity activity
activity
activity
activity activity
activity
activity
activity
activity
activity
activity
activity
activity activity activity
activity
activity activity
Covered by HSEIA
Contractor Activities (Simultaneous Activities / Operations)
www.bell-energy.com
HSE Critical Integrity Activities
Slide 82
HSECES
Bowtie Analysis
Performance Standards
Responsibility
PerformanceIndicatorsINPUT
Competencies Required
Task 1
Task 2
Task 3
OUTPUT
HSE CriticalIntegrityActivity
In THESIS, the above relationship can be built for each HSECES
www.bell-energy.com
Level of Detail in HSE Critical Integrity Activities
The general rules are:– HSE Critical Integrity Activities should be specific and fit for purpose– Activities should be documented at a level where accountability for the activity
can be realistically placed with a single individual. – for efficiency, activities which are the responsibility of one person should be
grouped together as one activity if possible– The activity should be based on quality management principles– It should documents working practices & controls in use – It should results in a ‘measurable’ activity
It should be presented in the form of an “Activity Specification Sheet”
– Who performs the activity / task– Brief description of the activity / task– What prompts the activity / task– What assures that the activity / task is performed correctly– How to know that the activity / task is complete– How frequently should the activity / task be performed
Slide 83
www.bell-energy.comSlide 84
Thank you for your Attention
United Arab Emirates
Bell Energy, 8th Floor, 801Noura Al Majid Bldg.Electra Street, Abu DhabiTel: +971 2 6761932Email: [email protected]
Branches:
Cleveland, USABrisbane, AustraliaWarrington, UKPune, IndiaToronto, Canada