Holistic Approach to Safety

1
Holistic Approach to Safety

• Bart Winters
• Honeywell
• May 24, 2006

2
Presenter

• Bart Winters
• BS Manufacturing Engineering Brigham Young
  University
• 22 Years Honeywell Process Solutions
• Software Development HMI Alarm/Event Management
• Batch SCADA Project Engineering
• Engineering Management
• Batch Product Management
• Alarm Applications Product Management
• Asset People Effectiveness Business Consultant

3
History Lesson

• Pat McLaughlin and Peter OReilly
• 1859 Six-Mile Canyon, Nevada
• Find a vein of quartz crystal laced with gold
• Biggest problem mining the gold was --
  bluish-gray mud/clay that stuck to everything
• Discarded in huge piles outside the mines

4
History Lesson (cont.)

• John Mackay a miner with geology and mineral
  training recognizes the mud
• Assayed a sample of the bluish-gray mud
• Buys several of the spent mines
• Result
• Silver content worth 2500-3000 per ton in 1859
  dollars
• Annual silver production from 6M to 60M / year
• 50 1 silver to gold production

5
When You Think SafetyDo You Think?

• Regulatory controls
• Safety instrumented systems
• Fire and gas systems
• Burner management systems
• Compressor / turbine monitoring systems
• Manually activated protective functions (e.g.,
  remote isolation valves, water curtains/cannons)

6
Standards Help ButAre We Safe Enough?

• Many Regulatory Requirements Standards
• OSHA (US) or HSE (UK) etc.
• EPA
• International Organization for Standardization
  (ISO)
• Instrumentation, Systems, and Automation Society
  (ISA)
• American Petroleum Institute (API)
• National Fire Protection Association (NFPA)
• International Electrotechnical Commissions (IEC)
• Engineering Equipment and Materials Users
  Association (EEMUA)
• American Institute of Chemical Engineers (AIChE)

7
Consider the Following
314M
412M
500M
20B Annual Preventable Abnormal Situations is US
Alone
2,000M
1,400M
100M
275M
139M
Source ASM Consortium
8
Abnormal Situation Management Consortium

• Charter
• Research the causes of abnormal situations
• Guidelines and best practices
• Technologies to address this problem
• Deliverables
• Technology, best practices, application
  knowledge, prototypes, metrics
• History
• Started in 1994
• Co-funded by US Govt (NIST)
• Budget 16M USD

www.asmconsortium.com
9
Human Factors Are at the Core

• 42 of Abnormal Situations People Related
• ASM Consortium Research
• In systems where a high degree of hardware
  redundancy minimizes the consequences of single
  component failures, human errors may comprise
  over 90 of the system failure probability.
• A Managers Guide to Reducing Human Errors API
  Publication 770, March 2001
• Human failures are responsible for up to 80 of
  all types of accident
• UK Health Safety Executive (HSE) Human Factors
  Briefing Note No. 1 Introducing Human Factors

10
Tendency to Blame The Operator
11
Management Responsibility

• Most mistakes are committed by skilled, careful,
  productive, well-meaning employees.
• Rather than blaming the individual involved
  attempt to identify the root causes of the error
  in the work situation and implement appropriate
  corrective actions.
• A Managers Guide to Reducing Human Errors API
  Publication 770, March 2001

12
Components of Human Factors

• Actions or inactions of individuals are
  influenced by
• Organizations structure culture (formal
  informal)
• Procedures work processes (formal informal)
  used to perform their  activities
• Automation and equipment involved in these
  activities (software and hardware)
• Environments in which the individual conducts
  activities (control room, field, etc)

13
ASM Guidelines
14
Reducing Frequency Impact of Abnormal
Situations
x 10000
4
3
1) Initiating Event 2) Normal Detection
Intervention 3) Mistakes 4) Lapses (Misses
Event) 5) Ideal Detection Intervention
x 1000
x 100
Impact (Cost)
2
x 10
5
1

x 1
0
Time
Gartner group
15
Learnings from ASM Member Companies Best
Practices

• Simulation Training
• ASM Operator Interface
• Operating Envelop Management
• Alarm Management
• Procedure Operations

16
Learnings from ASM Member Companies Best
Practices

• Simulation Training
• ASM Operator Interface
• Operating Envelop Management
• Alarm Management
• Procedure Operations

17
Unwanted By-products of Automation(or how to
make people stupid)

• Disabling expertise
• Slowing the rate of learning
• Teaching dysfunctional skills

18
Recognition Primed Decision (RPD)Model (Klein)
Perceived as typical (Prototype or Analogue)
Recognition
Implement Action
Additional Steps Due to Lack of Expertise
19
Experts Under Pressure
Good
3.2
Experts
3.0
Decision Quality
2.8
Novices
2.6
Poor
6 seconds
2.25 min
Time allowed for Decision
20
ASM Effective Operations PracticesCategory 3
Knowledge Skills Development

• Continuous learning not one-time activity
• Define competency model
• Link to your site major accident risk assessment
• Team based with clear roles responsibilities
• Frequent study and incorporation of historical
  upsets and near misses
• Use of training simulator for best results

21
Effective Training PracticesAreas of Focus

• Developing and Maintaining Staff Competence
• Health Safety Executive (HSE) 2002 ISBN 0 7175
  17327
• Designing for Continuous Learning
• Bullemer, P. and Nimmo, I. New Training Strategy
  Design the Work Environment for Continuous
  Leaning. Chemical Engineering Progress. January
  1998.
• Operations and Maintenance Competency-Based
  Training for ASM
• Pankoff, J. Training Todays Process Plant
  Operator. Hydrocarbon Process, August, 1999.

22
Learnings from ASM Member Companies Best
Practices

• Simulation Training
• ASM Operator Interface
• Operating Envelop Management
• Alarm Management
• Procedure Operations

23
An Effective Graphic?
24
Consider

• Tasks being performed
• Use of color (salience)
• Display navigation
• Number of keystrokes
• Use of symbols process connections
• Use of text and numbers
• Memory limitations
• Visual coding (pattern recognition)
• Impact of shift work
• Work environment (lighting, noise, etc.)

25
ASM User InterfaceWorth 1M/yr for ethylene plant

• Comparing ASM designed operator interface vs
  traditional standard operator interface
• Operators with similar experience on identical
  units measured with simulation based scenarios
• gt38 improvement in recognition of process
  deviations before the 1st alarm
• 26 improvement in their ability to successfully
  resolve problem
• 35-48 improvement in overall operator response
  time to deviations

Source ASM Meeting report Oct. 2004 see also
http//www.chemicalprocessing.com/articles/2006/04
1.html
26
Learnings from ASM Member Companies Best
Practices

• Simulation Training
• ASM Operator Interface
• Operating Envelop Management
• Alarm Management
• Procedure Operations

27
Quotes from Longford

• ... operating in alarm mode was sometimes
  necessary to meet the gas order
• Informal rules evolve to achieve goals quite
  different from those originally intended by the
  system designers

28
Determining Safe Operating Boundaries
Source of Limits
Location of Limits
Users of Limits
Reliability xxx yyy
29
Boundary Management
EquipmentConstraints
Operating Boundaries
Application Limits
Hi Hi Alarm Limit (Safety)
Design Safety Corrosion Proces Reliability Environ
mental
Manager UserAlert Hi-Hi Alert Limit
HI Alarm Limit (Reliability)
Environmental Engr. UserAlert Limit
APC Limit
Operational Target Limit
Operator X UserAlert Limit
Lo Lo Alarm Limit (Safety)

• Consistent reference point based on facts,
  documented and available to the entire operating
  team and other applications
• Thorough PHA, HAZOP, and alarm system design with
  cross functional team
• Clear definition of safe upper and lower limits
  (OSHA 1910.119)
• Identify what to monitor (alarms, alerts,
  production targets)
• Captured and make available knowledge from PHA,
  HAZOP, AOA, other processes

30
Do You Know Your Limits?Does the Operator Know?

• Information from HazOp and other critical
  processes captured and used to design for
  operability
• What are the limits?
• How to respond to deviations

31
Operator Feedback

• We cant set our targets out of the unit limits
• Thought I knew everything - learned something
  from this work
• No more "just do it" - now why is explained

32
Operating Envelope Management Improves
Operational Reliability

• Management of Alarm Limits
• Alarm rationalization ( of alarms)
• Integrity of alarm limits (understanding
  context)
• Expected actions in response to alarms
• Mode-based alarming
• Alarm enforcement
• Management of change
• Improve Operator Workflow, Data Access and
  Visibility
• Shift/daily operating plan
• Operating procedures
• Operator task management
• Improve communication between operators
• Checklist shift handover
• Electronic logbook
• Validate operating plan against operating
  envelope boundaries
• Provide analysis tools for continuous
  improvement

33
Learnings from ASM Member Companies Best
Practices

• Simulation Training
• ASM Operator Interface
• Operating Envelop Management
• Alarm Management
• Procedure Operations

34
Alarm Management Risk Factors

• High alarm rates
• High of standing/stale alarms
• High of disabled alarms
• Little or no priority distribution
• Temporary changes become permanent
• No rationalization and documentation information
• No operator guidance or alarm help

35
Alarm Management Life Cycle
Drill Down
Level of Effort Required for Analysis
Performance Monitoring
Root Cause Event Analysis
Dynamic Analysis
Static Configuration Reports
Alarm Documentation
Industry Benchmarks
Alarm Enforcement
Unit Benchmarking
36
Learnings from ASM Member Companies Best
Practices

• Simulation Training
• ASM Operator Interface
• Operating Envelop Management
• Alarm Management
• Procedure Operations

37
Procedure Challenges

• Ensure procedures are followed correctly and
  consistently for safety, increased production and
  best on-spec product
• Capturing the knowledge of staff due to
  retirement and change
• Improve transitions between operating modes or
  feed-stocks in response to market demand
• Reduce operator workload in non-value added
  areas, to consolidate the work-force, thereby,
  allowing operators to have more time to focus on
  cost control and profit maximization.

38
Procedures on Continuous Processes
Shutdown/Startup seldom executed therefore
subject to error or inconsistencies
Grade Change Normal production change (grades,
rates, equipment, etc)
Abnormal Condition resulting in SafePark
Bringing the plant to a safe holding point that
may be resumed by Operations, or subsequently to
Shutdown the plant.
Cyclic Planned Activities Tasks repeated based
upon well defined criteria, normal operations
(regeneration, pump changeover, decoking, etc)
39
Procedure Identification
Procedure HAZOP Expert Judgment
Complexity Consequence Frequency
In-task Review Resource
Field or Console
Inputs
Interaction Techniques (Paper and Electronic) -
Procedure Content - Procedure Structure -
Procedure Format - Navigation - Terminology -
Status Format - Data Entry
Effective Procedure Design for Context of Use
Outputs
40
Effective Interaction w/ Procedures Solution
Concepts

• Paper-based procedures Typically in a binder or
  printed as needed from database
• On-line static procedures Viewed in on-line
  can be browsed and printed.
• On-line interactive procedures Can be tracked,
  updated, and status information may be presented
  from various sources automated workflow
• On-line hybrid procedures Provide feedback on
  status and can execute actions automatically or
  initiated by the operator

41
(No Transcript)
42
Conclusions
43
When You Think Safety Do You Think Human Factors?

• Are human factors considered in all the aspects
  of safety engineering? Is it part of your
  culture?
• Identification
• Assessments
• Mitigation
• Standards a necessity but remember the big
  picture
• Remember the 501 Ratio

44
Questions?