Major Hazard Facilities Control Measures and Adequacy - PowerPoint PPT Presentation

1 / 77
About This Presentation
Title:

Major Hazard Facilities Control Measures and Adequacy

Description:

The seminar has been developed to provide: Context with MHF ... there must be no failure that can deactivate two or more controls (e.g. common cause failure) ... – PowerPoint PPT presentation

Number of Views:119
Avg rating:3.0/5.0
Slides: 78
Provided by: smail5
Category:

less

Transcript and Presenter's Notes

Title: Major Hazard Facilities Control Measures and Adequacy


1
Major Hazard FacilitiesControl Measures and
Adequacy
2
Overview
  • The seminar has been developed to provide
  • Context with MHF Regulations
  • An overview of what is required
  • An overview of the steps required
  • Examples of control measures and their adequacy

3
Some Abbreviations and Terms
  • AFAP - As far as (reasonably) practicable
  • DG - Dangerous goods
  • Employer - Employer who has management control of
    the facility
  • ER or ERP - Emergency response or Emergency
    response plan
  • Facility - any building or structure at which
    Schedule 9 materials are present or likely to be
    present for any purpose
  • HAZID - Hazard identification
  • HAZOP - Hazard and operability study
  • HSR - Health and safety representative
  • LOC - Loss of containment
  • LOPA - Layers of protection analysis

4
Some Abbreviations and Terms
  • MHF - Major hazard facility
  • MA - Major accident
  • OHS - Occupational health safety
  • PFD - Probability of failure on demand
  • PSV Pressure safety valve
  • SMS - Safety management system

5
Topics Covered In This Presentation
  • Regulations
  • Introduction
  • Regulatory requirements
  • What does this mean?
  • Identify all control measures
  • Development of assessment
  • Control category and examples
  • Hierarchy of controls
  • AFAP

6
Topics Covered In This Presentation
  • Effectiveness of control measures
  • Control types
  • Opportunities available to reduce risk
  • Assessment and adequacy
  • Sources of additional information
  • Review and revision

7
Regulations
Basic outline
  • Hazard identification (R9.43)
  • Risk assessment (R9.44)
  • Risk control (i.e. control measures) (R9.45, S9A
    210)
  • Safety Management System (R9.46)
  • Safety report (R9.47, S9A 212, 213)
  • Emergency plan (R9.53)
  • Consultation

8
Introduction
In order to deliver safe operation the Employer
needs to understand the relationship between
9
Introduction
  • At least 23 workers were killed
  • 74 were injured
  • 800,000,000 (U.S.) estimated property damage
  • Controls DO fail and the consequences can be
    devastating
  • (Skikda, Algiers, 20 January, 2004)

10
Introduction
  • Control measures are the features of a facility
    that
  • Eliminate
  • Prevent
  • Reduce
  • Mitigate
  • . . . the risks associated with potential MAs
  • They are the means by which the Employer ensures
    the operation satisfies the Regulations and the
    AFAP requirement
  • A number of control options maybe considered and
    applied individually or in combination

11
Introduction
  • In undertaking control measure identification and
    assessment, the Employer should seek to attain an
    understanding of
  • The processes involved in control measure
    identification/selection and assessment
  • The control measures used to reduce the risk of
    potential major accidents to AFAP

12
Introduction
  • At the end of the controls and adequacy
    evaluation process, the Employer should know
  • The identity of all existing and potential
    control measures
  • The relationships between the hazards, control
    measures, MAs and outcomes
  • The effectiveness of control measures in managing
    risk
  • The opportunities that are available to reduce
    risk
  • The monitoring regime necessary to ensure the
    ongoing effectiveness of the control measures

13
Regulation Requirements
  • After the HAZID and Risk Assessment evaluations,
    the Employer will have identified all of the
    hazards that can lead to MAs and the controls in
    place, including independence, reliability,
    effectiveness, robustness and applicability
  • A determination of the adequacy of the controls
    in managing the hazards then needs to be
    undertaken

14
What Does This Mean?
  • The opportunities present that are available to
    reduce risk need to be assessed, including
    additional or alternative controls
  • The monitoring regime necessary to ensure the
    ongoing effectiveness of the control measures for
    managing the hazards need to be assessed
  • Control measures and adequacy assessment will
    need to be revised as necessary, using
    performance monitoring results and other relevant
    new information

15
What Does This Mean?
Reported incidents by results involving Schedule
9 materials in Victoria (from VWA)
16
What Does This Mean?
  • This accident happened during the filling of a
    2000 m3 LPG sphere
  • Its legs collapsed.
  • One person was killed and one seriously injured

17
Identity of All Control Measures
  • All of the MAs should be documented in an
    appropriate format that clearly identifies
  • The MA (the release modes and the consequences of
    the release)
  • All hazards that, if realised, can cause an MA
  • The controls in place to manage the hazard and
    any recommended controls as a result of the HAZID
    process

18
Identity of All Control Measures
Example, consider a chlorine drum handling
operation
19
Identity of All Control Measures
20
Identity of All Control Measures
  • Control measures are not only physical equipment,
    but may include
  • Engineered devices (physical barriers such as
    impact protection bollards) or systems (high
    integrity trip systems)
  • High-level procedures or detailed operating
    instructions
  • Information systems (incident reporting systems)
  • Personnel training (i.e. the actions people
    should take in an emergency)

21
Development of Assessment
  • It is important to understand how controls are
    arranged in a manner that eliminate or minimise
    the hazards leading to an MA occurring, and any
    interdependence
  • Control measures may be pro-active, in that they
    eliminate, prevent or reduce the likelihood of
    incidents
  • They may be reactive, in that they reduce or
    mitigate the consequences of an MA

22
Development of Assessment
  • Control measures may be considered as barriers
    and are located between the intrinsic hazards
    that could lead to an MA
  • Control measures can also reduce the harm that
    may be caused to people and property in the event
    of an MA
  • Hazards can result in an MA harming people or
    property only if controls have failed to function
    as intended, or have been bypassed/defeated

23
Development of Assessment
1st barrier
2nd barrier
3rd barrier
24
Development of Assessment
  • There are methods for the control assessment
    process
  • The size, complexity and knowledge of the MHF
    could determine which approach to use
  • Several methods can be used, e.g.
  • LOPA
  • Fault tree and event tree
  • Risk matrix

25
Control Measure Hierarchy
The hierarchy of controls effectiveness
guidelines
26
Control Measure Hierarchy
  • Elimination/substitution controls
  • Prevention controls
  • Reduction controls
  • Mitigation controls

27
Control Measure Hierarchy
28
Control Measure Hierarchy
29
Control Measure Hierarchy
30
Control Measure Hierarchy
31
Control Measure Hierarchy
32
Control Measure Hierarchy
33
AFAP
  • It is the risk assessment that provides the
    information necessary to test this requirement,
    and this information must be included in the
    safety report
  • The risk assessment must address hazards and risk
    both individually and cumulatively
  • Consequently the demonstration that risks are
    eliminated or reduced to AFAP may need to be made
    for control measures individually, in groups and
    as a whole

34
AFAP
  • The AFAP approach is not simply about satisfying
    a single criterion of whether the risk of an MA
    is less than a specific number or position on a
    risk matrix
  • It is about evaluation of all controls, their
    proportionality for controlling the risk of an MA
    occurring and if additional controls can
    reasonably have an effect on reducing the risk of
    an MA further

35
AFAP
  • The likelihood of the hazard or risk actually
    occurring
  • That is, the probability that someone could be
    injured or harmed through the work being done
  • The degree of harm that would result if the
    hazard or risk occurred
  • For example fatality, multiple injuries, medical
    or first aid treatment, long or short term health
    effects
  • The availability and suitability of ways to
    eliminate or reduce the hazard or risk

36
AFAP
  • What is known, or ought reasonably be known,
    about the hazard or risk and any ways of
    eliminating or reducing it
  • The cost of eliminating or reducing the hazard or
    risk
  • That is, control measures should be implemented
    unless the risk is insignificant compared with
    the cost of implementing the measures

37
AFAP
  • The balance between benefits in terms of reduced
    risk and the costs of further control measures
    will play a part in achieving and demonstrating
    AFAP
  • Every safety report will need to develop an
    approach as to how the AFAP argument is to be
    applied to the facility
  • The AFAP approach then needs to be applied
    consistently to every MA in order for
    demonstration of adequacy to be satisfied

38
AFAP Cost/Benefit Rejecting Controls
39
Effectiveness of Control Measures
  • There are controls and safeguards
  • A control is considered to be a device, system,
    or action that is capable of preventing a cause
    from proceeding to its undesired consequence,
    independent of the initiating event or the action
    of any other layer of protection associated with
    the scenario
  • A safeguard is any device, system or action that
    would likely interrupt the chain of events
    following an initiating event

40
Effectiveness of Control Measures
To be considered a control, it must be
41
Effectiveness of Control Measures
  • As an example, consider an employee action to
    read a level gauge and a pressure gauge - both
    taken off the same tapping point
  • Is a single tapping point for two different
    information streams applicable, independent and
    reliable?
  • Will the employee reliably report the correct
    information?

42
Effectiveness of Control Measures
  • These have been built into a system - but are
    they

The answer - NO
43
Effectiveness of Control Measures
  • Every designer, Employer and manager desires to
    have controls that are
  • Robust
  • Reliable
  • Can survive harsh environments
  • Not dependent upon rigorous inspection and
    testing regimes that involve manpower and cost
  • Unfortunately this is not reality

44
Effectiveness of Control Measures
  • Controls do fail and accidents occur as a result

Result of a fire at a bulk storage facility was
there adequate separation and fire protection?
45
Effectiveness of Control Measures
  • Impact on
  • Environment
  • People
  • Business interruption
  • Cost of inventory
  • Reputation
  • Legal cost

46
Effectiveness of Control Measures
A good management system
47
Effectiveness of Control Measures
With adequate risk control measures
48
Effectiveness of Control Measures
Reduces the risk of loss
49
Effectiveness of Control Measures
  • These controls are important to analyse in a
    structured manner so that their effectiveness can
    be assessed
  • For this to occur the Employer needs to know
  • What type
  • How many
  • How reliable are the controls
  • Are there sufficient to reduce MA risk to AFAP?
  • Each control needs to be fit for purpose and
    designed into the system as independent

50
Control Types
  • In each evaluation the type of service being
    evaluated needs to be taken into consideration
    critically to ensure the control type is
    effective and will perform its intended duty
  • For example consider an instrumented level gauge
    with high level and high high level independent
    alarms for controlling the level in a process
    tower
  • The alarms are not tested and the high high level
    is known to be in fault mode
  • Is this control reliable, effective and
    applicable?

51
Control Types
Controls need to be service and situation
dependent in order to be suitable
  • For example, having a rupture disc in place where
    the inlet can foul in this circumstance the
    correct pressure will not be seen by the rupture
    disc
  • Such a control would not be suitable for the
    service
  • Bund in service for flammable liquid storage
    tanks which has major penetrations
  • This control would not be suitable as it cannot
    satisfy AS1940

52
Control Types
  • The following is an animated description of the
    US Chemical Safety Board, Animation of BP Texas
    City Refinery Accident, October 27, 2005
  • This can be found at the following website
  • www.csb.gov

53
Control Types Human Controls
  • Such controls involve reliance on employees to
    take action to prevent an undesirable consequence
    in response to alarms or following a routine
    check of the system
  • Human performance is usually considered less
    reliable than engineering controls
  • Not crediting human actions under well defined
    conditions is considered to be unduly penalising
    the Employer

54
Control Types Human Controls
  • Human controls should have the following
    requirements
  • The indication for action required by an employee
    must be detectable
  • The action must always be
  • Available for the employee
  • Clear to the employee even under emergency
    conditions
  • Simple and straight forward to understand
  • Repeatable by any similarly trained/competent
    employee

55
Control Types Human Controls
  • The time available to take action must be
    adequate
  • Employees should not be expected to perform other
    tasks at the same time there needs to be clear
    priorities
  • The employee is capable of taking the action
    required under all conditions expected to be
    reasonably present
  • Training for the required action is performed
    regularly and is documented
  • Indication and action should normally be
    independent of any other system already accredited

56
Control Types Human Controls
Examples of reduction (human) controls
Taken from Layer of Protection Analysis,
Simplified Process Risk Assessment, Centre for
Chemical Process Safety, American Institute of
Chemical Engineers, 2001
57
Opportunities Available to Reduce Risk
The effectiveness of control measures in managing
risk
  • Each control, to be classified as a legitimate
    control against an MA (i.e. implemented,
    functional, independent, monitored and audited)
    must be evaluated in a structured format
  • To ensure proper management of the MAs, each
    control must be fully independent of the other
    controls listed
  • there must be no failure that can deactivate two
    or more controls (e.g. common cause failure)

58
Opportunities Available to Reduce Risk
  • The question people ask is, how many controls are
    required to reduce a MA to AFAP?
  • This will depend on
  • The circumstances
  • The process being analysed together with the mix
    of independent controls
  • One approach used is to have a qualitative
    evaluation that requires three independent
    controls to be in place before AFAP can be
    achieved

59
Opportunities Available to Reduce Risk
  • Risk is based on the following equation
  • Risk ?(Fi x Ci) (F1 x C1) (F2 x C2)
    .....(Fn x Cn)
  • Where
  • Fi is the Frequency or likelihood of event i, and
  • Ci is the consequence of event i
  • Risk reduction can be implemented by changing
    either the frequency of the MA occurring or the
    magnitude of the consequence of the MA

60
Opportunities Available to Reduce Risk
  • For evaluation of control measures, there are
    several issues that need to be considered
  • Existing MHF Facility
  • During a risk evaluation process for an existing
    facility, it would be very unusual to achieve a
    reduction in the worst case consequences of an MA
  • Reducing the frequency or likelihood of the event
    occurring is generally the only option available

61
Opportunities Available to Reduce Risk
  • New MHF Facility
  • For a new facility, both components of the risk
    equation can be reduced
  • Several issues can be explored when designing a
    new facility
  • The first point of examination is to focus on the
    hierarchy of controls
  • Can we eliminate the hazard so it is not a
    problem?
  • The second area to examine is substitution
  • Use of alternative non Schedule 9 or DG materials

62
Opportunities Available to Reduce Risk
Elimination Controls
  • The effectiveness of an elimination control is
    considered to be 100
  • The risk from an event occurring is reduced to
    zero
  • This is the optimal type of control
  • If an Employer cannot reduce the risk to an
    acceptable level, the feasibility of shutting
    down plant equipment/processes, substituting
    non-hazardous substances for hazardous substances
    should be considered

63
Opportunities Available to Reduce Risk
Prevention controls
  • The effectiveness of prevention controls is based
    on their Probability to Fail on Demand (PFD)
  • PFDs can be determined from site specific
    maintenance/inspection data and incident data
  • In the absence of site specific data, PFDs can be
    referenced from worldwide failure rate data
    publications such as OREDA, EP Forum, etc

64
Opportunities Available to Reduce Risk
Reduction controls
  • Assessing the effectiveness of reduction controls
    is a lot more subjective than assessing the
    effectiveness of elimination or prevention
    controls
  • There are many variables that affect the
    integrity/effectiveness of such controls
  • These cover
  • Reliability of instrumentation
  • Inspection and testing frequency requirements
  • Effectiveness of testing programs and feedback on
    opportunities for improvement
  • Frequency of training employees

65
Opportunities Available to Reduce Risk
Reduction controls
  • For example, an operating procedure can be a
    highly effective reduction control provided it is
    readily available, regularly referenced and
    frequently reviewed and there is independent
    verification of its output
  • The same argument holds for a change management
    process
  • Human factors evaluations should be used to
    determine the reliability of an operating
    procedure if it is critical to the activity

66
Opportunities Available to Reduce Risk
  • Training/competency controls
  • The effectiveness of training controls is not
    easily assessed
  • Training programs that are
  • Specific to the task at hand
  • Competency assessed
  • Revisited via re-fresher training courses
  • Are likely to be highly effective with
    confirmation being available through human
    factors evaluations

67
Opportunities Available to Reduce Risk
  • Where elimination or substitution cannot be
    achieved then a combination of controls is
    preferred
  • This provides a balance
  • The failure of a single control should not lead
    to the MA occurring

68
Assessment and Adequacy
  • There are a number of approaches that can be used
    to undertake an assessment of an MAs controls to
    determine if the AFAP argument is satisfied
  • These include
  • LOPA
  • Fault and event tree analysis
  • Risk analysis using a matrix approach
  • The approach to use will depend on the complexity
    of the MA and the culture of the organisation

69
Assessment and Adequacy
  • Less complex and smaller operations could use a
    risk matrix type approach
  • A more complex operation such as a refinery or
    gas processing plant could use all three
    approaches
  • When determining effectiveness of control
    measures, the following issues will also need to
    be considered
  • Independence
  • Functionality
  • Survivability
  • Reliability
  • Availability

70
Assessment and Adequacy
  • Cost benefit analyses can be undertaken to
    determine the viability of each proposed
    recommendation for further risk reduction
  • This is a valid approach and at some point,
    depending on the circumstances involved, the cost
    of reducing risk further becomes costly compared
    to the benefit gained
  • Controls that are rejected need to be documented
    including the reason why
  • The definition of a critical control is hard to
    define as various interpretations can be provided
  • This could, in some circumstances, skew thinking
    to the detriment of other controls
  • For the purpose of MA controls and adequacy
    evaluation, all controls that prevent or minimise
    the potential for an MA to occur should be
    appropriately evaluated

71
Assessment and Adequacy
  • In essence there will have been a determination
    made on every MA covering
  • What controls are in place?
  • What other controls are in place?
  • Is there only one control in place or is there a
    proportionality of controls available to achieve
    AFAP?
  • Is the risk adequately controlled?
  • Are additional controls required?

72
Assessment and Adequacy
  • Are they effective?
  • Would alternative controls be more suitable and
    effective for preventing or reducing the MA?
  • What testing regime is required for maintaining
    the control performance?
  • Is the testing regime adequate for every control?
  • For example, if some controls are tested every 12
    months, what improvement would there be if
    testing was undertaken every 3 months?

73
Assessment and Adequacy
  • Are the controls audited and their performance
    evaluated against appropriate criteria?
  • How are failures reported?
  • What is the corrective action process in place?
  • Is there verification of the entire process?

74
Assessment and Adequacy
  • A safety management process will need to be
    developed for the facility (i.e. SMS)
  • This will enable the performance of all control
    measures for every MA to be evaluated for
    effectiveness and opportunities for improvement
    identified

75
Sources of Additional Information
  • Major Hazard Facility Guidance Material Comcare
    website www.comcare.gov.au
  • WorkSafe Victoria Guidance Material WorkSafe
    website www.workcover.vic.gov.au
  • Layer of Protection Analysis, Simplified Process
    Risk Assessment, Centre for Chemical Process
    Safety, American Institute of Chemical Engineers,
    2001
  • Hazard Identification and Risk Assessment, Geoff
    Wells, 1996
  • Classification of Hazardous Locations, A.W. Cox,
    F.P. Lees and M.L. Ang, IChemE, 1993

76
Sources of Additional Information
  • Guidelines for Process Equipment Reliability
    Data, Center for Chemical Process Safety of the
    American Institute of Chemical Engineers, 1989
  • Loss Prevention in the Process Industries , F. P.
    Lees, Appendix 14/5, 2nd Edition, Butterworth
    Heinemann
  • IEC 61511-3 Ed. 1.0 E - 2003 - Functional
    safety - Safety instrumented systems for the
    process industry

77
Questions?
Write a Comment
User Comments (0)
About PowerShow.com